CVE-2026-1470
Last modified
CVE-2026-1470 is a critical-severity vulnerability rated 9.9/10 on the CVSS scale. n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. EPSS estimates a 18.07% chance of exploitation in the next 30 days.
Description
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| N8n | N8n | < 1.123.17 |
| N8n | N8n | >= 2.0.0, < 2.4.5 |
| N8n | N8n | 2.5.0 |
References
- https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/Exploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-1470?
How severe is CVE-2026-1470?
How do I fix CVE-2026-1470?
Are you affected by CVE-2026-1470?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST