
Critical Vulnerabilities in n8n Automation Platform Expose Systems to Remote Code Execution

Cybersecurity researchers have disclosed critical security vulnerabilities within the popular n8n workflow automation platform. The flaws, now patched, include two severe bugs that could allow attackers to execute arbitrary commands on the host system. The discovery, made by Pillar Security researcher Eilon Cohen, highlights significant risks in self-hosted and cloud-based automation tools that process sensitive data and credentials.

The first vulnerability, tracked as CVE-2026-27577, is a sandbox escape within n8n's expression compiler. According to the technical report, a missing case in the Abstract Syntax Tree (AST) rewriter allows the `process` object to pass through untransformed. This oversight grants any authenticated user with expression evaluation capabilities full remote code execution (RCE) privileges. The second flaw, CVE-2026-27493, is a double-evaluation bug in n8n's Form Trigger nodes. Crucially, these form endpoints are public by design, requiring no authentication or n8n account. An attacker could exploit this by submitting a crafted payload, such as malicious code in a "Name" field on a public "Contact Us" form, to trigger expression injection.

n8n's advisory clarifies the exploitation paths. An authenticated user with workflow creation or modification permissions could weaponize CVE-2026-27577 to execute system commands on the host via crafted expressions. More dangerously, CVE-2026-27493 could be chained with the sandbox escape vulnerability. This combination allows an unauthenticated attacker to leverage a public form to achieve full remote code execution on the n8n server, escalating a simple injection into a complete system compromise. Both vulnerabilities affect all deployment modes.

For organizations unable to apply the patches immediately, n8n provided urgent mitigation guidance. To address CVE-2026-27577, administrators should strictly limit workflow creation and editing permissions to only essential, fully trusted users. Furthermore, deploying n8n in a hardened environment—with restricted OS privileges, minimal network access, and robust isolation—is critical. For CVE-2026-27493, workarounds include disabling public form endpoints or implementing strict input validation, though these are not complete fixes. The maintainers explicitly warn that these measures are temporary and patching remains the only definitive remediation.
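The double-evaluation pattern behind CVE-2026-27493 and the input-validation workaround above, as an added illustration that is not n8n's code or part of Pillar Security's report: a toy template resolver whose `$json`/`$env` names mimic n8n's expression syntax, but whose grammar, context object and secret value are constructed for the demo.

```javascript
// Added example (not n8n's code): a toy {{ }} template resolver that
// reproduces the double-evaluation pattern and its fix. It understands
// only $json.<field> and $env.<NAME> lookups; every name, field and
// secret value below is constructed for the demo.

const EXPR = /\{\{\s*([^}]+?)\s*\}\}/g;

// Resolve one expression against the workflow context. hasOwnProperty
// keeps lookups off the prototype chain; unknown shapes stay literal.
function evalExpr(expr, ctx) {
  const m = /^\$(json|env)\.([A-Za-z_][A-Za-z0-9_]*)$/.exec(expr);
  if (!m) return `{{ ${expr} }}`;
  const source = m[1] === 'json' ? ctx.json : ctx.env;
  return Object.prototype.hasOwnProperty.call(source, m[2]) ? String(source[m[2]]) : '';
}

// One resolution pass. String.prototype.replace does not rescan the
// replacement text, so values substituted here are treated as data.
function resolveOnce(template, ctx) {
  return template.replace(EXPR, (_, expr) => evalExpr(expr, ctx));
}

// VULNERABLE: the resolved output is fed back through the resolver, so
// {{ }} markers that arrived inside form data get evaluated too.
function resolveDoubleEval(template, ctx) {
  return resolveOnce(resolveOnce(template, ctx), ctx);
}

// FIXED: exactly one pass; user-supplied text is never re-interpreted.
function resolveSafe(template, ctx) {
  return resolveOnce(template, ctx);
}

// Interim input check for unpatched deployments: flag public-form
// fields that carry expression markers before they reach a workflow.
function containsExpressionMarker(value) {
  return /\{\{|\}\}/.test(String(value));
}

// Constructed sample: a credential in the environment and a public
// "Contact Us" submission whose name field is an expression.
const ctx = {
  env: { API_KEY: 'constructed-secret-key' },
  json: { name: '{{ $env.API_KEY }}' },
};
const template = 'Hello {{ $json.name }}, thanks for contacting us.';
console.log(resolveDoubleEval(template, ctx)); // secret leaks into the output
console.log(resolveSafe(template, ctx)); // the submitted text stays literal
```

The same single-pass rule is what makes `resolveSafe` hold even when the submitted value itself contains a valid expression; the marker check is only a stopgap for deployments that cannot patch yet.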

The disclosure by Pillar Security underscores a growing attack surface as automation platforms become integral to business operations. These vulnerabilities could have allowed attackers to steal stored credentials, manipulate automated workflows, and gain a persistent foothold in corporate networks. This incident serves as a stark reminder for organizations to rigorously assess the security posture of their integrated software, enforce the principle of least privilege, and maintain a swift patch management cycle for all critical infrastructure components.