{"id":2643,"date":"2026-06-16T07:14:29","date_gmt":"2026-06-16T14:14:29","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=2643"},"modified":"2026-06-16T07:14:31","modified_gmt":"2026-06-16T14:14:31","slug":"emerging-threat-cve-2026-27577-n8n-remote-code-execution-via-workflow-expressions","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-27577-n8n-remote-code-execution-via-workflow-expressions\/","title":{"rendered":"Emerging Threat: (CVE-2026-27577) n8n Remote Code Execution via Workflow Expressions"},"content":{"rendered":"\n
\"\"
Sample of assets impacted by n8n RCE vulnerability, identified by the CyCognito Platform<\/em><\/figcaption><\/figure>\n\n\n\n

What is CVE-2026-27577?<\/h2>\n\n\n\n

CVE-2026-27577 is a code injection flaw in n8n, an open-source workflow automation platform, that lets an authenticated user with permission to create or modify workflows run system commands on the host through crafted workflow expressions.<\/p>\n\n\n\n

The vulnerability carries a CVSS base score of 9.4 (Critical). Exploitation requires authentication, but only the level of access needed to build or edit a workflow, which is a routine privilege for many users of the platform.<\/p>\n\n\n\n

The root cause is a sandbox escape. n8n evaluates user-supplied expressions and code nodes inside a restricted JavaScript environment, and a flaw in the PrototypeSanitizer<\/code> lets an attacker reach the host process internals using techniques such as spread operators and variable shadowing. Once the sandbox is bypassed, the attacker executes arbitrary commands with the privileges of the n8n service.<\/p>\n\n\n\n

The practical impact is full remote code execution on the underlying host. From there an attacker can exfiltrate data, move laterally, and establish persistence in the automation infrastructure. The flaw follows earlier expression-evaluation issues in the same parser, which points to a recurring weak spot rather than a one-off bug.<\/p>\n\n\n\n

What assets are affected by CVE-2026-27577?<\/h2>\n\n\n\n

The vulnerability affects n8n versions before 1.123.22, the 2.0.0 through 2.9.2 range, and 2.10.0. Both self-hosted deployments and n8n Cloud instances are in scope.<\/p>\n\n\n\n

In practice, an affected asset is an n8n instance reachable over the web, commonly served on TCP\/5678<\/code> and often fronted by a web application hostname. Teams stand these instances up to connect internal tools, CRMs, databases, and messaging systems, which means a single host frequently holds credentials and network reach into many other systems.<\/p>\n\n\n\n

These instances tend to be internet-facing or overlooked because automation tooling is often deployed quickly by individual teams rather than provisioned through central IT. An n8n server spun up on a cloud VM for a short-term integration can outlive its original purpose and remain exposed long after anyone is actively watching it.<\/p>\n\n\n\n

What does our data show about exposure patterns?<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Exposure in this set is led by Industrials at 17.2% of observed assets, with Communication Services close behind at 16.1%. No single sector dominates, and the largest named sector accounts for less than a fifth of the total.<\/p>\n\n\n\n

The flat distribution is the notable part. n8n is general-purpose automation tooling, so its presence does not track to one industry’s technology stack the way a specialized application would. It shows up wherever teams need to wire systems together, which spreads exposure across sectors with very different operating models, from manufacturing and logistics to media and consumer brands.<\/p>\n\n\n\n

The cross-sector spread points to a visibility problem rather than a sector-specific one. Self-hosted automation platforms are easy to deploy and easy to forget, and they rarely sit in a formal asset inventory. The result is a layer of internet-facing infrastructure that holds broad internal access while falling outside the systems most organizations use to track and secure their externally reachable assets.<\/p>\n\n\n\n

Are fixes available?<\/h2>\n\n\n\n

Yes. n8n has released patches, available since February 25, 2026. Affected users should upgrade to 1.123.22, 2.9.3, or 2.10.1 or later.<\/p>\n\n\n\n

The fixes are documented in the GitHub Security Advisories GHSA-v98v-ff95-f3cp and GHSA-vpcf-gvg4-6qwr. CVE-2026-27577 was disclosed alongside a cluster of related expression-evaluation and sandbox-escape vulnerabilities patched in the same release, so a single upgrade addresses multiple issues at once.<\/p>\n\n\n\n

Because the same parser has produced repeat findings, defenders should confirm the running version directly rather than assuming a recent install is current, and should treat any instance below the patched versions as exploitable.<\/p>\n\n\n\n

Are there any other recommended actions to take?<\/h2>\n\n\n\n

Until patching is confirmed, defenders should:<\/p>\n\n\n\n