CVE-2026-1470

Published: Jan 27, 2026

Modified: Jan 27, 2026

PUBLISHED

CVSS v3.1

9.9

CRITICAL

Description

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Vendor	Product	Versions
Unknown	n8n	affected `0 - < 1.123.17` affected `2.0.0 - < 2.4.5` affected `2.5.0 - < 2.5.1`

Weaknesses (CWE)

CWE-95

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04

patch

https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-1470

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References