CVE-2026-27495

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22

Description n8n is an open source workflow automation platform. An authenticated user with permission to create or modify workflows could exploit a weakness in the JavaScript Task Runner sandbox to execute code outside of its intended boundary. When using the default internal Task Runners, this could lead to a complete compromise of the n8n host system. If external Task Runners are in use, an attacker might gain access to or disrupt other tasks running on the Task Runner. The Task Runners must be enabled using the N8N RUNNERS ENABLED=true setting. Reports indicate over 100,000 servers are potentially affected, with a significant concentration in the United States and a notable presence in Russia.

Recommendations Upgrade to n8n version 2.10.1 or later. Upgrade to n8n version 2.9.3 or later. Upgrade to n8n version 1.123.22 or later.