Two critical-severity vulnerabilities in n8n could have been exploited for unauthenticated remote code execution (RCE) and sandbox escape, exposing all credentials stored in the n8n database, Pillar Security reports.
Tracked as CVE-2026-27493 (CVSS score of 9.5), the first bug is described as a second-order expression injection issue affecting the Form nodes of the open-source workflow automation platform.
Successful exploitation could have allowed an unauthenticated attacker to inject arbitrary commands into a Name field and receive the output of the executed command.
The security defect existed because n8n relied on two expression evaluation passes to evaluate the user’s submission, with the attacker’s payload evaluated as a new expression during the second pass.
The vulnerability, Pillar explains, could be chained with the second critical flaw, tracked as CVE-2026-27577 (CVSS score of 9.4), to escape the n8n sandbox and execute commands on the host.
According to the security team, the flaw allowed a malicious payload to bypass sandbox protections and execute because the vulnerable node operates at the compilation stage, before the runtime sanitizers run.
Both security defects were addressed in late February in n8n versions 2.10.1, 2.9.3, and 1.123.22. The patch removed the second expression evaluation pass and certain previously accepted parameters, added several global identifiers to the sandbox’s blocked identifier list, and hardened AST-aware identifier analysis.
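The double-evaluation pattern described above, and the effect of removing the second pass, as an added illustration that is not n8n's code: a toy template engine whose placeholders resolve only to fields of a context object (no code execution), with constructed field names and values, plus a small check defenders can use to flag submissions carrying expression syntax.

```javascript
// Added illustration of second-order (double-evaluation) expression injection.
// Toy template engine, NOT n8n's real expression engine: placeholders look like
// {{ $json.field }} and resolve only to fields of a context object, so nothing
// here executes code. All field names and values below are constructed.
const PLACEHOLDER = /\{\{\s*\$json\.(\w+)\s*\}\}/g;

// One evaluation pass: substitute each placeholder with the matching field and
// treat the substituted text as opaque data (this is what the fix amounts to).
function renderOnce(template, ctx) {
  return template.replace(PLACEHOLDER, (_, field) =>
    Object.prototype.hasOwnProperty.call(ctx, field) ? String(ctx[field]) : ''
  );
}

// The vulnerable pattern: the output of the first pass is fed back into the
// evaluator, so any "{{ ... }}" that arrived inside user data is now treated
// as an expression instead of as text.
function renderTwice(template, ctx) {
  return renderOnce(renderOnce(template, ctx), ctx);
}

// Defensive check: flag submitted values that carry expression delimiters,
// a useful log/alert signal even once the second pass has been removed.
function containsExpressionSyntax(value) {
  return /\{\{[\s\S]*\}\}/.test(String(value));
}

// Constructed scenario: a workflow greets the submitter by name while the
// same item also carries a value the submitter must never see.
const ctx = {
  name: 'Alice',                     // honest form submission
  apiKey: 'EXAMPLE-SECRET-NOT-REAL', // constructed stand-in for stored data
};
const template = 'Hello {{ $json.name }}';

// A submission whose Name field itself contains a placeholder.
const hostileCtx = { ...ctx, name: '{{ $json.apiKey }}' };

function demo() {
  return {
    honestOnce: renderOnce(template, ctx),           // 'Hello Alice'
    hostileOnce: renderOnce(template, hostileCtx),   // placeholder stays literal text
    hostileTwice: renderTwice(template, hostileCtx), // second pass resolves it
    flagged: containsExpressionSyntax(hostileCtx.name),
  };
}

console.log(demo());
```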
According to Pillar, the two vulnerabilities impacted both self-hosted and cloud deployments and could be exploited to extract all credentials from the n8n database, including AWS keys, passwords, OAuth tokens, and API keys.
“n8n is a credential vault by function. It stores keys to every system it connects to. A single sandbox escape exposes the n8n instance and every connected system,” Pillar notes.
Because Form endpoints are intended to be accessible from the internet, the security firm notes, CVE-2026-27493 could be exploited by anyone with a single form submission and a GET request.
“For n8n Cloud and multi-tenant deployments, the impact extends beyond the individual instance. As demonstrated previously, sandbox escapes on n8n Cloud grant access to shared infrastructure, creating cross-tenant risk: a single public form on one tenant’s workflow could serve as the entry point,” Pillar notes.