Security researcher Natan Nehorai of the JFrog Security Research Team has uncovered a critical Remote Code Execution (RCE) vulnerability in n8n, the popular fair-code workflow automation platform used by technical teams worldwide. Tracked as CVE-2026-1470, the flaw carries a CVSS score of 9.9 and lets any authenticated user break out of the platform's expression sandbox and execute arbitrary code on the main node.
The vulnerability targets the core of n8n’s flexibility: its Expression evaluation system. This feature, designed to let users write custom logic, has been found to lack sufficient isolation from the underlying runtime environment.
The issue lies in how n8n processes user-supplied expressions. According to the disclosure, “Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime”.
This oversight turns a core feature into an attack primitive. An attacker with authenticated access, potentially only a low-privileged user, can inject a malicious payload that bypasses the sandbox mechanism entirely.
“An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process”.
Once the code is running, the game is essentially over. The attacker gains the same level of access as the n8n application itself, which often includes permission to access sensitive data, modify business-critical workflows, and execute system-level operations.
The vulnerability can be triggered by a carefully crafted JavaScript payload injected into an “Edit Fields” block.
The Proof of Concept (PoC) shows how an attacker can use the constructor property to escape the sandbox and reach the child_process module.
From there the server can be made to run OS commands, in the PoC's case printing the environment variables, and return the output directly in the JSON response.
The vulnerability affects specific version ranges of the platform. Administrators should check their instances immediately. The affected versions are:
- 1.123.17
- Versions between 2.0.0 and 2.4.5 (exclusive of 2.4.5)
- Versions between 2.5.0 and 2.5.1 (exclusive of 2.5.1)
Given the severity of the flaw and the public availability of exploit details, n8n administrators are urged to upgrade immediately to a patched release; within the 2.x ranges listed above, 2.4.5 and 2.5.1 are the first versions excluded from the affected set.