From Low-Privilege Workflow to Full System Takeover in N8N


VTA-004556 – From Low-Privilege Workflow to Full System Takeover in N8N

The n8n workflow automation platform, widely used to link applications, APIs and custom logic in automated business processes, was recently found vulnerable to serious security flaws that allow attackers to run arbitrary code on the system hosting the service. These issues, tracked as CVE-2026-1470 and CVE-2026-0863, highlight how even advanced sandboxing measures can be bypassed, turning what should be a safe scripting environment into a full system compromise vector.

At the heart of both vulnerabilities is the idea of a sandbox escape. n8n uses sandboxing to isolate user-supplied code such as JavaScript expressions or Python scripts so that workflows can include flexible logic without threatening the host system. In theory, sandboxes prevent risky operations like spawning OS commands or modifying files outside a controlled context. But researchers demonstrated that weaknesses in how n8n parses and sanitizes these scripts allow attackers to bypass those restrictions. For example, gaps in the JavaScript abstract syntax tree (AST) sanitization logic let crafted expressions slip through the sandbox and reach the underlying Node.js runtime. Similarly, Python execution in the platform’s “Code” node can be manipulated via clever use of string formatting and exception handling to break out of the sandbox and execute unrestricted Python on the host.

What makes these findings especially noteworthy compared to typical vulnerabilities is the combination of flexibility and privilege that n8n aims to offer developers. Workflow platforms like n8n are designed to let users compose automation with custom logic. Normally, this should be done in tightly controlled sandboxes. Here, however, the very mechanisms meant to protect the system were shown to be bypassable. An attacker does not need deep insider access; the ability to create or edit a workflow is enough to escalate to full remote code execution, which could lead to exfiltration of sensitive data, deployment of malware or lateral movement inside an organization’s network.

Severity:
Medium

Attack Surface:
Web Application

Tactics:
Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Initial Access, Lateral Movement, Privilege Escalation

Techniques:
T1059 – Command and Scripting Interpreter
T1203 – Exploitation for Client Execution (adapted for web app logic)
T1068 – Exploitation for Privilege Escalation

Indicator of Compromise:
https://otx.alienvault.com/pulse/697abead303ab30c9c04efbc

References:
1. https://research.jfrog.com/post/achieving-remote-code-execution-on-n8n-via-sandbox-escape/

SuperPRO’s Threat Countermeasures Procedures:

1. Upgrade n8n to the latest version released after January 2026:
   CVE-2026-1470: 1.123.17+, 2.4.5+ or 2.5.1+
   CVE-2026-0863: 1.123.14+, 2.3.5+ or 2.4.2+
2. Restrict workflow creation and editing permissions to trusted users only.
3. Deploy n8n with container-level isolation controls, such as Docker with restricted security profiles, seccomp filters and AppArmor or equivalent mandatory access controls.
4. Avoid running n8n services with excessive system privileges.
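A version check a defender can run against step 1, added here as an example (it is not part of this advisory or of n8n's own tooling). It assumes that `n8n --version` prints a version string, and it interprets each listed fix as covering its own minor branch and every later minor branch of the same major; anything else is reported as unpatched.

```python
"""Check an installed n8n version against the fixed versions in this advisory.
Added example, not part of the advisory or of n8n itself."""
import re
import subprocess

# Fixed versions exactly as stated in the advisory, keyed by CVE.
FIXED_VERSIONS = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}

def parse_version(text):
    """Extract a (major, minor, patch) tuple from '2.4.3' or 'n8n/2.4.3 linux-x64'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(installed, fixed_list):
    """Assumption: a listed fix covers its own minor branch and every later minor
    branch of the same major. A major with no listed fix, or a minor branch older
    than every listed fix of that major, is reported as unpatched (conservative)."""
    inst = parse_version(installed)
    fixes = [parse_version(v) for v in fixed_list]
    candidates = [f for f in fixes if f[0] == inst[0] and f[1] <= inst[1]]
    if not candidates:
        return False
    return inst >= max(candidates)

def assess(installed):
    """Return {cve: patched?} for every CVE listed in the advisory."""
    return {cve: is_patched(installed, fixed) for cve, fixed in FIXED_VERSIONS.items()}

def installed_n8n_version():
    """Read the version from the local CLI (assumed: `n8n --version`); None if unavailable."""
    try:
        out = subprocess.run(["n8n", "--version"], capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None

if __name__ == "__main__":
    version = installed_n8n_version() or "2.4.3"  # constructed fallback when n8n is not installed
    for cve, ok in assess(version).items():
        print(f"{version}: {cve} {'patched' if ok else 'UNPATCHED'}")
```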

Contributed by: Thivya