Overview
- JFrog disclosed CVE-2026-1470 (CVSS 9.9) in n8n’s JavaScript engine and CVE-2026-0863 (CVSS 8.5) in Python execution, both enabling remote code execution by escaping AST-based sandboxes.
- The JavaScript flaw abuses the deprecated with statement to reach the Function constructor, while the Python flaw leverages format-string behavior and Python 3.10+ exception handling to regain restricted objects.
- Exploitation requires permissions to create or modify workflows, raising risk from non-admin insiders or compromised user accounts with legitimate access.
- Successful attacks execute on n8n’s main node, potentially exposing environment variables, secrets, and access to connected services, allowing full takeover of affected instances.
- n8n patched the issues in versions 1.123.17/2.4.5/2.5.1 (JS) and 1.123.14/2.3.5/2.4.2 (Python); the cloud service is fixed, but reports note slow updates among self-hosted servers, with a public exploit promised by a researcher.
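Given the slow uptake noted above, the first thing an operator of a self-hosted instance wants is a quick, release-line-aware check of whether a given n8n version carries both fixes. The following is an added example, not code from n8n, JFrog or the article; the fixed versions are the ones quoted above, and the rule for treating lines newer than any listed fix as patched (and lines with no listed fix, such as 2.3.x for the JavaScript flaw, as unpatched) is an assumption of this example, not a statement from the vendor.

```python
"""Check whether a self-hosted n8n version is patched for the two sandbox-escape
CVEs. Fixed versions are the ones published for each release line; the branch
logic (same line: compare patch number; newer line than any fix: patched;
line with no fix listed: unpatched) is this example's own assumption."""
from __future__ import annotations

Version = tuple[int, int, int]

# Fixed releases per CVE, as listed in the disclosure summary.
FIXED: dict[str, list[str]] = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],  # JavaScript sandbox escape
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],  # Python sandbox escape
}


def parse_version(s: str) -> Version:
    """'v2.4.5-rc' -> (2, 4, 5); tolerates a leading 'v' and a '-suffix'."""
    core = s.lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")]
    if len(parts) != 3:
        raise ValueError(f"unexpected n8n version format: {s!r}")
    return parts[0], parts[1], parts[2]


def is_patched(version: str, cve: str) -> bool:
    """True if `version` is at or above the fix for its own release line."""
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIXED[cve]]
    if v[0] > max(f[0] for f in fixes):
        return True  # a major newer than any fixed major (assumed patched)
    same_major = [f for f in fixes if f[0] == v[0]]
    if not same_major:
        return False  # e.g. a 0.x release: no fix listed for that major
    if v[:2] > max(same_major)[:2]:
        return True  # minor line newer than any fixed line in this major
    for fix in same_major:
        if v[:2] == fix[:2]:
            return v >= fix  # same line: patch number decides
    return False  # a line with no fix listed (e.g. 2.3.x for CVE-2026-1470)


def unpatched_cves(version: str) -> list[str]:
    """CVEs from FIXED that the given version is still exposed to."""
    return [cve for cve in FIXED if not is_patched(version, cve)]


if __name__ == "__main__":
    for sample in ("1.123.15", "2.3.6", "2.4.4", "2.5.1"):  # constructed inputs
        print(sample, "->", unpatched_cves(sample) or "patched")
```

Feed it the version reported by your instance (for example the value shown in the n8n UI or container image tag) rather than the package version of a fork.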