Two n8n sandbox escape flaws allow remote code execution

A technical analysis by JFrog Security Research disclosed two eval injection flaws in the n8n workflow automation platform that can let authenticated users execute remote code, including one rated CVSS 9.9.

KEY FACTS

  • Incident: Two eval injection vulnerabilities in n8n can bypass sandbox protections
  • Vulnerabilities: CVE-2026-1470 (CVSS 9.9) and CVE-2026-0863 (CVSS 8.5)
  • Impact: Authenticated users can achieve remote code execution and hijack instances
  • Mitigation: Fixed releases are available for affected versions

CVE-2026-1470 is an eval injection flaw that can bypass n8n’s Expression sandbox and allow full remote code execution on the main node. CVE-2026-0863 is an eval injection flaw that can bypass the python-task-executor sandbox and execute arbitrary Python on the host. The two flaws carry CVSS scores of 9.9 and 8.5, respectively.

Successful exploitation can give an attacker control of an entire n8n instance, including when task runners operate in internal execution mode. Running internal mode in production is itself a security risk; external mode provides stronger isolation between the n8n main process and the task runner processes.

Fixed releases for CVE-2026-1470 are 1.123.17, 2.4.5 and 2.5.1. Fixed releases for CVE-2026-0863 are 1.123.14, 2.3.5 and 2.4.2. As these two flaws show, exploits can leverage deprecated or rarely used language constructs and interpreter behaviors to escape otherwise restrictive sandboxes.
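As an added example (not code from the JFrog analysis or from the n8n project), the following Node.js script checks an installed n8n version against the fixed releases listed above for both CVEs. It assumes that a version on a newer minor line than any listed fix also carries the fix, reports minor lines the advisory does not mention as unknown, and, because the article does not say where either flaw was introduced, treats anything older than the earliest listed fix as affected.

```javascript
// Added example: is a given n8n version patched for CVE-2026-1470 and CVE-2026-0863?
// Fixed releases exactly as stated in the article above.
const FIXED_RELEASES = {
  "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
  "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
};

// Parse "1.123.17" or "v2.5.1" into numeric components; pre-release suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable n8n version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

// Standard major.minor.patch ordering: negative if a < b, positive if a > b.
function compare(a, b) {
  return (a.major - b.major) || (a.minor - b.minor) || (a.patch - b.patch);
}

// Returns "fixed", "affected" or "unknown" for one CVE's list of fixed releases.
function status(installed, fixes) {
  const v = parseVersion(installed);
  const fixed = fixes.map(parseVersion);

  // Same major.minor line as a listed fix: the patch level decides.
  const sameLine = fixed.find((f) => f.major === v.major && f.minor === v.minor);
  if (sameLine) return v.patch >= sameLine.patch ? "fixed" : "affected";

  // Newer than the newest listed fix line: assumed fixed (assumption, not stated in the article).
  const newest = fixed.reduce((a, b) => (compare(a, b) >= 0 ? a : b));
  if (compare(v, newest) > 0) return "fixed";

  // Older than the oldest listed fix line: no fixed release exists below it, so treat as affected.
  const oldest = fixed.reduce((a, b) => (compare(a, b) <= 0 ? a : b));
  if (compare(v, oldest) < 0) return "affected";

  // A minor line between the listed ones (e.g. 2.3.x for CVE-2026-1470) is not covered
  // by the advisory text; the safe answer is to upgrade to a listed fixed release.
  return "unknown";
}

// Check one installed version against every CVE in the table.
function checkN8nVersion(installed) {
  const result = {};
  for (const [cve, fixes] of Object.entries(FIXED_RELEASES)) {
    result[cve] = status(installed, fixes);
  }
  return result;
}

// Usage: node check-n8n.js 2.4.3   (falls back to a constructed sample version)
const installed = process.argv[2] || "2.4.3";
console.log(installed, checkN8nVersion(installed));
```

Running it against 2.4.3 reports CVE-2026-0863 as fixed (2.4.2 or later) but CVE-2026-1470 as affected (2.4.5 required), which is the kind of split result that makes a per-CVE check worth having rather than a single "is it recent" test.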

WHY IT MATTERS

These flaws enable authenticated attackers to run code on automation infrastructure that connects to tools and data across an organization. Administrators should install the listed fixes to reduce the risk of instance compromise.