CVE-2026-27495 Overview
CVE-2026-27495 is a critical sandbox escape vulnerability in n8n, a popular open source workflow automation platform. The vulnerability exists in the JavaScript Task Runner sandbox, allowing authenticated users with workflow creation or modification permissions to execute arbitrary code outside the sandbox boundary. This code injection vulnerability (CWE-94) can lead to full host compromise on instances using the default internal Task Runner configuration.
Critical Impact
Authenticated attackers can escape the JavaScript Task Runner sandbox to execute arbitrary code, potentially achieving full compromise of the n8n host system or impacting other tasks on external Task Runners.
Affected Products
- n8n versions prior to 2.10.1
- n8n versions prior to 2.9.3
- n8n versions prior to 1.123.22
Discovery Timeline
- 2026-02-25 - CVE CVE-2026-27495 published to NVD
- 2026-02-25 - Last updated in NVD database
Technical Details for CVE-2026-27495
Vulnerability Analysis
This vulnerability represents a critical code injection flaw (CWE-94) in n8n's JavaScript Task Runner sandbox implementation. The sandbox is designed to provide isolated execution environments for workflow code, but a weakness in the boundary enforcement allows authenticated users to break out of this isolation.
The exploitation requires the attacker to have valid credentials and permissions to create or modify workflows within the n8n instance. Additionally, Task Runners must be enabled via the N8N_RUNNERS_ENABLED=true configuration setting. When these conditions are met, the attacker can craft malicious workflow code that escapes the sandbox constraints.
The impact varies based on the Task Runner configuration:
- Internal Task Runners (default mode): Full compromise of the n8n host is possible, as the sandbox escape grants access to the underlying system
- External Task Runners: The attacker may gain access to or impact other tasks executed on the Task Runner, providing lateral movement opportunities
Root Cause
The root cause lies in insufficient boundary enforcement within the JavaScript Task Runner sandbox. The sandbox implementation fails to properly isolate workflow code execution from the host environment, allowing carefully crafted JavaScript to access resources and execute code outside the intended sandbox scope. This represents a failure in the secure code execution model that workflow automation platforms rely upon.
Attack Vector
The attack is network-accessible, requiring low privileges (authenticated user with workflow permissions) and no user interaction. An attacker must:
- Obtain valid credentials to the n8n instance
- Have permissions to create or modify workflows
- Ensure Task Runners are enabled (N8N_RUNNERS_ENABLED=true)
- Craft a malicious workflow containing JavaScript code designed to escape the sandbox
The vulnerability exploits weaknesses in how the Task Runner evaluates and isolates JavaScript code within workflows. When the malicious workflow is executed, the sandbox escape triggers, allowing the attacker's code to run with the privileges of the Task Runner process rather than within the restricted sandbox environment.
For technical details on the sandbox escape mechanism, refer to the GitHub Security Advisory GHSA-jjpj-p2wh-qf23.
Detection Methods for CVE-2026-27495
Indicators of Compromise
- Unusual workflow modifications by users who don't typically edit automation workflows
- Unexpected processes spawned by the n8n Task Runner process
- Anomalous outbound network connections from n8n host systems
- Workflow execution logs containing obfuscated or suspicious JavaScript code patterns
Detection Strategies
- Monitor workflow creation and modification events for suspicious JavaScript patterns that may indicate sandbox escape attempts
- Implement process monitoring on n8n hosts to detect unexpected child processes of the Task Runner
- Review audit logs for workflow changes made by users with elevated permissions
- Deploy file integrity monitoring on n8n installation directories
Monitoring Recommendations
- Enable comprehensive logging for workflow execution events and Task Runner activity
- Configure alerts for workflow modifications that include code evaluation patterns
- Monitor system calls and process trees originating from the n8n application
- Establish baseline behavior for Task Runner processes to detect anomalous execution patterns
How to Mitigate CVE-2026-27495
Immediate Actions Required
- Upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22 or later immediately
- Audit all users with workflow creation and modification permissions
- Review recently created or modified workflows for suspicious code patterns
- Consider disabling Task Runners (N8N_RUNNERS_ENABLED=false) if not actively required until patching is complete
Patch Information
n8n has released security patches addressing this vulnerability in multiple version branches. Organizations should upgrade to one of the following fixed versions:
For detailed configuration information regarding Task Runners, refer to the n8n Task Runners Configuration documentation.
Workarounds
- Limit workflow creation and editing permissions to fully trusted users only until patching is complete
- Configure external runner mode (N8N_RUNNERS_MODE=external) to limit the blast radius of potential exploitation
- Implement network segmentation to isolate n8n hosts from critical infrastructure
# Configuration to use external runner mode as temporary mitigation
export N8N_RUNNERS_MODE=external
# Note: These workarounds do not fully remediate the risk
# and should only be used as short-term mitigation measures
# Upgrade to patched versions as soon as possible
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
