CVE-2026-1470

moderate-risk
Published 2026-01-27

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Do I need to act?

~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 911d3771ce23dda2eb00a9d2c446e37f8223a9e9, 068953df0809d4bccd444b19e52311e534521270, aa4d1e5825829182afa0ad5b81f602638f55fa04
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (2)

N8N
N8N

Affected Vendors

N8N

References (2)

Patch https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
Exploit https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/
45
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 5/34 · Minimal
Exposure 7/34 · Low