PT-2026-4918 · N8N · N8N

Natan Nehorai · Published 2026-01-26 · Updated 2026-03-10 · CVE-2026-1470

CVSS v3.1: 9.9 Critical (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

n8n and Affected Versions

n8n (affected versions not specified)

Description

n8n is affected by a critical Remote Code Execution (RCE) issue within its workflow Expression evaluation system. An authenticated attacker can leverage this to execute arbitrary code with the privileges of the n8n process. This is possible because expressions provided by authenticated users during workflow configuration are evaluated in an execution context that lacks sufficient isolation from the underlying runtime. Successful exploitation could lead to a full compromise of the affected instance, potentially granting unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. Approximately 981,000 services are estimated to be exposed yearly. The issue involves bypassing the Expression sandbox, allowing for the execution of arbitrary JavaScript code.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Eval Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00959
CVE-2026-1470
GHSA-5XRP-6693-JJX9

Affected Products

N8N