CVE-2026-27577

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22

Description n8n, an open source workflow automation platform, contains a critical Remote Code Execution (RCE) issue in its workflow expression evaluation system. An authenticated user with permission to create or modify workflows can exploit crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue stems from insufficient isolation of the expression evaluation context from the underlying runtime.

Recommendations Upgrade to n8n version 2.10.1 or later. Upgrade to n8n version 2.9.3 or later. Upgrade to n8n version 1.123.22 or later. As a temporary workaround, limit workflow creation and editing permissions to fully trusted users only. As a temporary workaround, deploy n8n in a hardened environment with restricted operating system privileges and network access.