CVE-2026-1470: Critical n8n Flaw Allows Workflow Expressions to Trigger Full System Takeover

CVE-2026-1470

  • Product: n8n (workflow automation platform)
  • CVE ID: CVE-2026-1470
  • Severity: Critical
  • CVSS v3.1 Score: 9.9
  • Category: Expression Injection → Sandbox Escape → Remote Code Execution
  • Attack Vector: Network
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed (code escaping the expression sandbox runs in the n8n process itself, so the impact reaches the whole application and its host)
  • Patch Availability: Yes (vendor-provided)

High-Level Risk Statement

A critical weakness exists in the way n8n evaluates user-defined expressions inside workflows. The weakness allows sandbox restrictions to be bypassed, resulting in arbitrary code execution on the underlying system.

Because n8n commonly operates with elevated trust and stores sensitive credentials, exploitation of this vulnerability should be considered equivalent to a full system compromise. Immediate remediation is required.


Detailed Technical Explanation

Expression Handling in n8n

n8n workflows rely on expressions to dynamically process and transform data. These expressions are evaluated at runtime and are intended to be executed within a restricted JavaScript sandbox.

The sandbox is designed to prevent access to:

  • Operating system commands
  • Node.js runtime internals
  • File system access
  • Environment variables
  • Network primitives

Root Cause of the Vulnerability

In vulnerable versions, the sandbox does not fully isolate the execution context. Certain JavaScript language features and object traversal techniques can be abused to:

  • Reach higher-scope objects
  • Access runtime constructors
  • Interact with internal execution objects
  • Escape the sandbox boundary entirely

Once the sandbox boundary is crossed, the expression is no longer constrained and executes with the same privileges as the n8n process itself.


Why This Leads to RCE

After sandbox escape:

  • Arbitrary JavaScript can be executed
  • Native Node.js APIs become accessible
  • System commands can be invoked
  • Files can be read or modified
  • Secrets stored in memory or configuration can be extracted

Because the n8n service is often long-running and trusted, this execution context is highly valuable to an attacker.


Exploitation Scenario

The following sequence describes a realistic exploitation path, without revealing exploit code:

  1. An authenticated user with workflow-edit permissions accesses the n8n UI or API.
  2. A workflow is created or modified to include a crafted expression.
  3. The expression bypasses sandbox enforcement during evaluation.
  4. Arbitrary code executes during workflow runtime.
  5. Persistence is established through workflow modification or host-level changes.

No administrator privileges are required, and no user interaction is needed once the workflow is saved.


Exploit Availability

  • Technical exploitation techniques have been documented publicly for educational and defensive research purposes.
  • The vulnerability does not rely on obscure conditions and is considered reliably exploitable.
  • Because the attack path is short (save a workflow containing a crafted expression and let it run), exploitation is expected to be within reach of moderately skilled attackers.

Organizations should assume that exploitation is possible and act accordingly.


Potential Business Impact

If exploitation occurs, the following outcomes are likely:

  • Loss of confidentiality of stored credentials and secrets
  • Manipulation of automated business processes
  • Unauthorized access to integrated third-party services
  • Creation of malicious workflows for persistence
  • Regulatory and compliance exposure
  • Operational disruption and reputational damage

Persistence and Post-Exploitation Risks

Once access is achieved:

  • Workflows can be altered to re-execute malicious logic
  • Credentials can be exfiltrated and reused externally
  • Additional backdoors can be created at the application level
  • The n8n host can be used as a pivot point into the internal network

Even after patching, compromised credentials and workflows may remain a risk if not reviewed.


Detection Strategy

Primary Detection Goals

  • Identify malicious workflow creation or modification
  • Detect sandbox escape indicators in expressions
  • Detect abnormal runtime behavior on the host
  • Detect unauthorized access patterns

Key Log Sources

  • n8n workflow audit logs
  • n8n API request logs
  • Authentication and authorization logs
  • Host-based process execution logs
  • Network traffic logs from the n8n host

Suspicious Expression Characteristics

Expressions should be considered suspicious if they:

  • Are unusually complex or obfuscated
  • Reference runtime-level objects
  • Attempt object traversal beyond normal data handling
  • Are inconsistent with the business purpose of the workflow
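The characteristics above can be turned into a repeatable review of exported workflows, which is also the practical way to do the "review all workflows for unauthorized logic" step in the mitigation section. The following is an added example, not code from n8n or from this advisory: it walks an exported workflow, collects every expression-valued parameter and flags expressions that reference runtime objects, traverse constructors or prototypes, build code dynamically, or look encoded or unusually long. The export shape it assumes (a `nodes` array whose `parameters` nest arbitrarily, with expressions stored as strings that begin with `=` and wrap code in `{{ }}`), the indicator patterns and the length threshold are assumptions made for the example; the sample workflow is constructed.

```javascript
// Added example, not n8n's own code: a static reviewer for exported n8n
// workflows that applies the suspicious-expression heuristics from the
// advisory. Assumed export shape: { nodes: [ { name, type, parameters } ] },
// expression parameters stored as strings starting with "=" and wrapping
// code in {{ }}. Indicator patterns and the length threshold are assumptions.

const EXPRESSION_PREFIX = '=';
const EXPRESSION_BODY = /\{\{([\s\S]*?)\}\}/g;
const MAX_BENIGN_LENGTH = 200; // assumed: longer expressions deserve a human look

// Indicator families, one per characteristic in the advisory. Word boundaries
// keep a field such as $json.processedAt from matching "process".
const INDICATORS = [
  { reason: 'runtime-object reference',
    re: /\b(process|require|module|global|globalThis|Function|Reflect)\b/ },
  { reason: 'constructor or prototype traversal',
    re: /\bconstructor\b|__proto__|\bprototype\b|getPrototypeOf|setPrototypeOf/ },
  { reason: 'dynamic code or import',
    re: /\beval\s*\(|\bimport\s*\(|new\s+Function\b/ },
  { reason: 'encoding or obfuscation',
    re: /\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}|fromCharCode|\batob\s*\(|Buffer\.from\s*\(/ },
];

// Walk a node's (arbitrarily nested) parameters and yield every expression
// string together with the dotted path it was found at.
function* walkExpressions(value, path = []) {
  if (typeof value === 'string') {
    if (value.startsWith(EXPRESSION_PREFIX)) yield { path: path.join('.'), expression: value };
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkExpressions(value[i], [...path, String(i)]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkExpressions(v, [...path, k]);
  }
}

// Return the reasons an expression looks suspicious; an empty array means
// none of the heuristics fired (which is not proof that it is safe).
function assessExpression(expression) {
  const code = [...expression.matchAll(EXPRESSION_BODY)].map(m => m[1]).join('\n');
  const reasons = [];
  for (const { reason, re } of INDICATORS) {
    if (re.test(code)) reasons.push(reason);
  }
  if (code.length > MAX_BENIGN_LENGTH) reasons.push('unusually long expression');
  return reasons;
}

// Scan a whole exported workflow; one finding per suspicious expression.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    for (const { path, expression } of walkExpressions(node.parameters ?? {})) {
      const reasons = assessExpression(expression);
      if (reasons.length > 0) {
        findings.push({ node: node.name, type: node.type, path, expression, reasons });
      }
    }
  }
  return findings;
}

// Constructed sample export (not a real workflow): one benign node and one
// whose expression references a runtime object and walks a constructor.
const SAMPLE_WORKFLOW = {
  name: 'lead-intake',
  nodes: [
    { name: 'Normalize email', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [
        { name: 'email', value: '={{ $json.email.toLowerCase() }}' } ] } } },
    { name: 'Enrich', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [
        { name: 'tag', value: '={{ $json.name.constructor.name + String(process.pid) }}' } ] } } },
  ],
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanWorkflow(SAMPLE_WORKFLOW)) {
    console.log(`[${f.node}] ${f.path}: ${f.reasons.join('; ')}\n    ${f.expression}`);
  }
}
```

Feed it the JSON produced by an n8n workflow export and read the flagged expressions first. The heuristics rank what to review; they cannot prove an expression safe, so a workflow with no findings still needs its business purpose checked against what it actually does.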

Splunk Detection Queries

Workflow Edited by Unusual User

index=n8n_logs action=workflow_update
| stats earliest(_time) as first_seen, latest(_time) as last_seen, count by user, workflow_id
| where first_seen > relative_time(now(), "-24h")
| table user, workflow_id, first_seen, last_seen, count

Run this over a long baseline window (for example 30 days) so that a user/workflow pair whose first edit falls inside the last day really is new; a bare edit-count threshold only finds busy editors, not unexpected ones.

High-Risk JavaScript Indicators in Expressions

index=n8n_logs action=workflow_update
| regex expression="(?i)(\bprocess\b|\brequire\b|\bconstructor\b|__proto__|\bprototype\b|\bglobal(This)?\b|\bFunction\b|\bimport\s*\(|\beval\s*\()"
| table _time, user, workflow_id, expression

Workflow Changes Outside Business Hours

index=n8n_logs action=workflow_update
| eval hour=tonumber(strftime(_time,"%H"))
| where hour<6 OR hour>20
| table _time, user, workflow_id, src_ip

Unexpected Process Execution

index=os_logs (parent_process="node" OR parent_process="n8n")
| search NOT process_name IN ("node","npm")
| table _time, parent_process, process_name, command_line

Outbound Network Activity from n8n Host

index=network_logs src_host=n8n*
| stats earliest(_time) as first_seen, count by src_host, dest_ip, dest_port
| where first_seen > relative_time(now(), "-24h")
| sort - count

An n8n host legitimately talks to many third-party APIs, so a raw volume threshold is noisy and a low-and-slow command-and-control channel slips under it; keying on destinations first seen recently, against a long baseline, surfaces the new connection regardless of volume.

MITRE ATT&CK Mapping

  • Initial Access: T1078 – Valid Accounts (an authenticated, low-privilege workflow editor is all that is needed)
  • Execution: T1059.007 – Command and Scripting Interpreter: JavaScript (the crafted expression runs inside the n8n Node.js process)
  • Credential Access: T1552 – Unsecured Credentials (secrets held in n8n configuration and memory)
  • Persistence: T1053 – Scheduled Task/Job (malicious logic re-runs on the workflow's own schedule or trigger)
  • Impact: T1565 – Data Manipulation (automated business processes altered)

Mitigation Guidance

Immediate

  • Upgrade n8n to a patched version
  • Restrict workflow editing permissions
  • Review all workflows for unauthorized logic
  • Rotate stored credentials if exposure is suspected

Short-Term

  • Enable strict audit logging
  • Limit outbound network access
  • Enforce MFA for privileged users

Long-Term

  • Treat workflows as code with approval workflows
  • Separate automation environments by trust level
  • Regularly audit expression usage

Official Patch / Upgrade Link

Apply the vendor fix immediately using the official n8n upgrade documentation:

🔗 https://docs.n8n.io/release-notes/


Final Takeaway

CVE-2026-1470 represents a high-confidence remote code execution risk in a highly trusted automation platform. Due to the low barrier to exploitation and the critical role of n8n in many environments, failure to patch promptly may result in systemic compromise.

Immediate remediation, monitoring, and credential hygiene are essential.


Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.