PT-2026-4918 · N8N · N8N

Natan Nehorai · Published 2026-01-27 · Updated 2026-01-29 · CVE-2026-1470

CVSS v3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

n8n (affected versions not specified)

Description

n8n contains a critical Remote Code Execution (RCE) issue in its workflow Expression evaluation system. The cause is an eval injection flaw: an authenticated attacker can break out of the JavaScript Expression sandbox and execute arbitrary code on the host system with the privileges of the n8n process. Successful exploitation could lead to a full compromise of the affected instance, including unauthorized access to sensitive data and modification of workflows. Approximately 599,000 to 981,000 instances are potentially exposed. The vulnerability is identified as CVE-2026-1470.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Eval Injection

Weakness Enumeration

Related Identifiers

CVE-2026-1470
GHSA-5XRP-6693-JJX9

Affected Products

N8N