Two critical- and high-severity vulnerabilities in the n8n AI workflow automation platform could allow attackers to execute arbitrary code remotely, JFrog reports.
The issues, tracked as CVE-2026-1470 (CVSS score of 9.9) and CVE-2026-0863 (CVSS score of 8.5), impacted n8n’s sandbox mechanism and could be abused via weaknesses in the Abstract Syntax Tree (AST) sanitization logic.
CVE-2026-1470, JFrog notes, was discovered in the expression evaluation engine and could allow attackers to execute arbitrary JavaScript code.
N8n uses an AST-based sandbox to validate JavaScript input and neutralize potentially dangerous nodes before execution. Several validation layers have been implemented to mitigate known JavaScript sandbox escape vectors.
However, because the AST parser still supports a deprecated statement, an attacker can supply an identifier that allows them to achieve arbitrary code execution in n8n’s main node.
This allows an attacker to completely take over the n8n instance, JFrog says.
CVE-2026-0863, the cybersecurity firm explains, was discovered in the Python code execution flow of the Code node, which is also placed behind an AST sandbox intended to prevent instance takeover when the node runs in the ‘Internal’ configuration.
“If the n8n instance is running in the ‘Internal’ configuration, Python code is executed as a subprocess on the main node itself, allowing a successful exploit to compromise the entire n8n instance,” JFrog explains.
In both cases, the cybersecurity firm found that gaps in the AST-based sandboxes could be abused to bypass the implemented protections, escape the sandbox entirely, and achieve remote code execution (RCE).
“These vulnerabilities highlight how difficult it is to safely sandbox dynamic, high‑level languages such as JavaScript and Python. Even with multiple validation layers, deny lists, and AST‑based controls in place, subtle language features and runtime behaviors can be leveraged to bypass security assumptions,” JFrog explains.
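The point JFrog makes above, as an added illustration that is not n8n's code and does not reproduce either reported bug: a deny-list AST check written with Python's standard `ast` module, beside an allow-list check, run over constructed inputs. The deny list, the permitted node set and the `ALLOWED_CALLS` set are assumptions made for this example. The deny-list check accepts an expression that names nothing forbidden yet walks from a string literal to every class loaded in the interpreter, and cutting `__builtins__` down to a few names does nothing to stop that traversal; the allow-list check rejects it because the node shapes themselves are not permitted.

```python
import ast
import builtins

# Constructed sample inputs (not taken from n8n or from the JFrog report):
# a benign workflow-style expression and an expression that never names a
# forbidden builtin yet walks from a string literal to every loaded class.
BENIGN = "total = sum(x * 2 for x in [1, 2, 3])"
DUNDER_WALK = "n = len(''.__class__.__mro__[1].__subclasses__())"

# Hypothetical deny list, illustrating the pattern rather than any real product.
DENY_NAMES = {"eval", "exec", "compile", "open", "__import__", "getattr", "globals"}


def denylist_ok(src: str) -> bool:
    """Deny-list sandbox check: refuse imports and a handful of known-bad
    names, and let every node type it does not recognise through."""
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Name) and node.id in DENY_NAMES:
            return False
    return True


# Allow-list: only these node types, and only these callable names, may appear.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.BinOp, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod,
    ast.List, ast.Tuple, ast.Dict, ast.Subscript, ast.Slice,
    ast.GeneratorExp, ast.ListComp, ast.comprehension, ast.Call, ast.Attribute,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not, ast.USub, ast.IfExp,
)
ALLOWED_CALLS = {"len", "sum", "min", "max", "str", "int", "float", "range"}


def allowlist_ok(src: str) -> bool:
    """Allow-list sandbox check: every node must be of a permitted type,
    attribute and variable names may not start with an underscore, and calls
    may only target the permitted builtins by plain name (no method calls,
    no calling the result of another expression)."""
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ALLOWED_NODES):
            return False
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            return False
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            return False
        if isinstance(node, ast.Call) and not (
            isinstance(node.func, ast.Name) and node.func.id in ALLOWED_CALLS
        ):
            return False
    return True


def run_restricted(src: str) -> dict:
    """Run code with builtins cut down to ALLOWED_CALLS only and return the
    resulting namespace. Restricting builtins does not restrict attribute
    traversal: object introspection is reachable from any literal."""
    safe_builtins = {name: getattr(builtins, name) for name in ALLOWED_CALLS}
    namespace = {}
    exec(src, {"__builtins__": safe_builtins}, namespace)
    return namespace


if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("dunder walk", DUNDER_WALK)):
        print(f"{label:12} deny-list: {denylist_ok(src)}  allow-list: {allowlist_ok(src)}")
    # The deny list lets DUNDER_WALK through; under the restricted builtins it
    # still enumerates every direct subclass of object in the interpreter.
    print("classes reachable from '':", run_restricted(DUNDER_WALK)["n"])
```

The design choice worth noting is that `allowlist_ok` never tries to enumerate what is dangerous; it enumerates what is needed and rejects everything else, including any attribute or name beginning with an underscore and any call whose target is not a plain permitted name. A deny list has to anticipate every path to dangerous behaviour, and as the quoted assessment says, dynamic languages offer more of those than any list will cover.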
CVE-2026-1470 was addressed in n8n versions 1.123.17, 2.4.5, and 2.5.1; CVE-2026-0863 was addressed in versions 1.123.14, 2.3.5, and 2.4.2.