Cybersecurity researchers have found two new security flaws in the n8n workflow automation platform, one of which is a critical vulnerability that could lead to remote code execution.
The JFrog Security Research team found the following vulnerabilities:

- CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code.
- CVE-2026-0863 (CVSS score: 8.5) - An eval injection vulnerability that could allow an authenticated user to bypass the restrictions of n8n's python-task-executor sandbox and execute arbitrary Python code on the underlying operating system.

If the vulnerabilities are successfully exploited, an attacker may be able to take control of an entire n8n instance, even when it is running in "internal" execution mode.
n8n's documentation notes that using internal mode in production environments can present a security risk, and advises users to switch to external mode to ensure proper isolation between n8n and the task runner processes. To fix the vulnerabilities, users should update to versions 1.123.17, 2.4.5, or 2.5.1 for CVE-2026-1470, and to versions 1.123.14, 2.3.5, or 2.4.2 for CVE-2026-0863. The disclosure comes only a few weeks after Cyera Research Labs revealed a maximum-severity security vulnerability in n8n (CVE-2026-21858, also known as Ni8mare) that gives an unauthorized remote attacker total control over vulnerable instances.
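The fixed releases above are spread over several minor lines (1.123.x, 2.3.x, 2.4.x, 2.5.x), so a single "is my version newer than X" comparison gives the wrong answer for a deployment on the 2.4 line. The following script is an added example for triaging an n8n fleet against both CVEs; it is not code from the article, JFrog, or the n8n project. It assumes (and states in comments) that a release is patched when it is at or above the fixed patch of its own major.minor line, or on a newer minor line than the newest fixed release on that major, and that older minor lines with no fixed release are affected.

```python
"""Classify an n8n version string against the fixed releases named for CVE-2026-1470 and CVE-2026-0863."""
import re

# Fixed releases per CVE, as listed in the advisory coverage (one entry per minor line).
FIXED_VERSIONS = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '2.4.3' or 'n8n 2.4.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version, fixed_list):
    """Decide whether `version` carries the fix described by `fixed_list`.

    Assumptions (not stated by the advisory):
      * same major.minor line as a fixed release -> fixed iff patch >= fixed patch
      * newer minor line than every fixed release on that major -> fixed
      * older minor line with no fixed release on that major -> affected
      * a major with no fixed release at all -> fixed only if newer than every fixed release
    """
    v = parse_version(version)
    fixes = sorted(parse_version(f) for f in fixed_list)
    same_major = [f for f in fixes if f[0] == v[0]]
    if not same_major:
        return v > fixes[-1]
    same_line = [f for f in same_major if f[1] == v[1]]
    if same_line:
        return v >= same_line[0]
    return v[1] > same_major[-1][1]


def assess(version):
    """Return {cve: 'fixed' | 'affected'} for every CVE in FIXED_VERSIONS."""
    return {
        cve: ("fixed" if is_fixed(version, fixed) else "affected")
        for cve, fixed in FIXED_VERSIONS.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory: host -> version string as reported by `n8n --version`.
    inventory = {"wf-prod-1": "2.4.3", "wf-prod-2": "1.123.17", "wf-lab": "2.2.0"}
    for host, ver in inventory.items():
        print(host, ver, assess(ver))
```

Note that 2.4.3 comes out as fixed for CVE-2026-0863 but still affected by CVE-2026-1470, which is exactly the case a naive "newer than 2.4.2" check would miss; treat the branch logic as a starting point and confirm against the vendor's release notes for lines the advisory does not name.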
According to researcher Nathan Nehorai, "these vulnerabilities highlight how difficult it is to safely sandbox dynamic, high-level languages like JavaScript and Python."
"Subtle language features and runtime behaviors can be leveraged to bypass security assumptions even with multiple validation layers, deny lists, and AST-based controls in place. In this instance, interpreter modifications and exception handling behavior, along with deprecated or infrequently used constructs, were sufficient to escape otherwise constrictive sandboxes and accomplish remote code execution."