- n8n contains two Sandbox-escape flaws that can lead to remote code execution for authenticated users.
- One issue, CVE-2026-1470, scores 9.9 and targets the JavaScript Expression sandbox.
- CVE-2026-0863 scores 8.5 and bypasses the python-task-executor sandbox to run Python code.
- Users should upgrade to patched releases listed by the vendor and avoid running in internal task-execution mode; guidance is in the Hosting/configuration/task-runners/”>task runners documentation.
JFrog Security researchers disclosed two new vulnerabilities in the n8n workflow automation platform on Jan. 28, 2026, that allow authenticated users to escape sandboxing and execute code on host systems, including in some internal execution setups. The issues were reported with high severity and detailed in a technical write-up by JFrog Security Research.
The first flaw, CVE-2026-1470, is an eval injection in the JavaScript Expression sandbox with a CVSS score of 9.9. An authenticated attacker can submit crafted JavaScript that bypasses the Expression sandbox mechanism and achieve remote code execution on the main n8n node.
The second flaw, CVE-2026-0863, is an eval injection against the python-task-executor sandbox with a CVSS score of 8.5. This vulnerability can let an authenticated user run arbitrary Python on the underlying operating system.
“As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, functions, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others,” JFrog wrote in its disclosure. The vendor warned that sandbox escapes can effectively give an attacker broad access.
Patches are available; affected users are advised to upgrade to the fixed releases. For CVE-2026-1470 install 1.123.17, 2.4.5, or 2.5.1. For CVE-2026-0863 install 1.123.14, 2.3.5, or 2.4.2.
“These vulnerabilities highlight how difficult it is to safely sandbox dynamic, high‑level languages such as JavaScript and Python,” said researcher Nathan Nehorai. “In this case, deprecated or rarely used constructs, combined with interpreter changes and exception handling behavior, were enough to break out of otherwise restrictive sandboxes and achieve remote code execution.”
The disclosure follows another maximum-severity n8n flaw (CVE-2026-21858, “Ni8mare”) reported weeks earlier. Users should review task-runner configuration and apply updates promptly; n8n documentation recommends using external execution mode for production.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
