Critical Vulnerabilities Identified in n8n Workflow Automation Platform
In a recent investigation, researchers from Pillar Security uncovered two significant vulnerabilities affecting both self-hosted and cloud-based deployments of the n8n workflow automation platform. n8n is a popular open-source tool for automating workflows and sits in the infrastructure of many enterprise AI applications worldwide.
The first vulnerability, tracked as CVE-2026-27493, poses a severe risk because it lets an adversary achieve complete server takeover without any interaction from the victim. Notably, the flaw does not require the attacker to be authenticated, which significantly raises the threat level.
Both vulnerabilities are reported to affect not only n8n Cloud but also self-hosted instances of the n8n system. The critical nature of these issues was underscored when Pillar Security, in a blog post earlier this year, highlighted how cybersecurity risks could escalate due to the platform’s widespread usage.
Understanding the Sandbox Escape Flaw: CVE-2026-27577
In December 2025, Pillar Security initially flagged two maximum-severity vulnerabilities, each rated 10 under the Common Vulnerability Scoring System (CVSS). These vulnerabilities are serious flaws in n8n's sandboxing mechanism and can give attackers comprehensive control of servers hosting the n8n platform, and they may also expose sensitive credential information.
Following the initial findings, n8n released a patch in December, with further updates in early 2026, to address these vulnerabilities. Nevertheless, Pillar Security continued its examination of the n8n platform and made further discoveries in February.
The first of these new flaws was reported to GitHub under the identifier CVE-2026-27577 on February 25. It is a sandbox escape within the expression compiler, caused by a missing case in the abstract syntax tree (AST) rewriter. Because that case is absent, expressions can bypass the rewriter's transformations, giving an authenticated attacker the ability to execute arbitrary code remotely.
Emphasizing the gravity of the situation, the researchers pointed out that n8n acts as a credential vault, holding keys and credentials for every integrated system. Consequently, even a single sandbox escape could result in the severe compromise of the n8n instance and all its connected environments.
Researchers elaborated on this point, stating that "post-exploitation is straightforward: the attacker reads the N8N_ENCRYPTION_KEY environment variable and employs it to decrypt every credential stored in n8n’s database, including essential information like AWS keys, database passwords, OAuth tokens, and API keys."
This particular vulnerability has been assigned a critical severity rating of 9.4 under the CVSS v4.0 framework.
Zero-Click Unauthenticated Vulnerability: CVE-2026-27493 Explored
The second vulnerability reported on February 25 is tracked as CVE-2026-27493, and Pillar Security researchers describe it as even more critical than CVE-2026-27577. It stems from a double-evaluation bug in n8n's Form nodes, which turns any multi-step form that echoes user input back to the user into an expression injection point.
Crucially, the endpoints for these forms are publicly accessible by design, so an attacker can exploit the flaw without authentication, an n8n account, or any workflow privileges. For example, a publicly available "Contact Us" form could end up executing arbitrary shell commands if crafted input is entered into the Name field.
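To make the double-evaluation bug class concrete, here is an added illustration that is not n8n's code and does not reproduce its expression compiler: a constructed toy template engine renders a confirmation page once (safe) or twice (unsafe). On the second pass, user text that merely looks like an expression is resolved against the engine's context, which is exactly how echoed form input becomes an injection point. The context, page template and `env.N8N_ENCRYPTION_KEY` lookup path are constructed for the example.

```python
import re

# Constructed toy template engine for illustration only; it is not n8n's
# expression compiler and does not reproduce the real bug's code path.
# Expressions look like {{ some.path }} and are looked up in a context dict.
EXPR = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_.]*)\s*\}\}")

def resolve(path, context):
    """Walk a dotted path through nested dicts; unknown paths render as empty text."""
    value = context
    for part in path.split("."):
        if not isinstance(value, dict) or part not in value:
            return ""
        value = value[part]
    return str(value)

def render(template, context):
    """One evaluation pass. re.sub never rescans the text it substitutes in."""
    return EXPR.sub(lambda m: resolve(m.group(1), context), template)

# Constructed context: the secret is a placeholder, not a real key.
CONTEXT = {"env": {"N8N_ENCRYPTION_KEY": "constructed-example-key"}}
PAGE = "<p>Thanks, {{ form.name }}. Please confirm your details.</p>"

def echo_vulnerable(page_template, submitted):
    """Double evaluation: the rendered page, which now contains user text, is
    fed back through the engine, so user text shaped like an expression is resolved."""
    ctx = dict(CONTEXT, form=submitted)
    first_pass = render(page_template, ctx)
    return render(first_pass, ctx)          # the extra, unsafe pass

def echo_hardened(page_template, submitted):
    """Single evaluation: user input is substituted as literal data and is
    never handed back to the expression engine."""
    ctx = dict(CONTEXT, form=submitted)
    return render(page_template, ctx)

def leaked(rendered):
    """Detection helper for tests: did the context secret end up in the output?"""
    return CONTEXT["env"]["N8N_ENCRYPTION_KEY"] in rendered

if __name__ == "__main__":
    probe = {"name": "{{ env.N8N_ENCRYPTION_KEY }}"}   # constructed test input
    print("double evaluation leaks secret:", leaked(echo_vulnerable(PAGE, probe)))
    print("single evaluation leaks secret:", leaked(echo_hardened(PAGE, probe)))
```

The fix is architectural rather than a filter: anything a user submitted must only ever be inserted as data after the template's own expressions have been evaluated, never re-parsed as template text.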
The researchers issued a cautionary statement regarding the implications for both n8n Cloud and multi-tenant deployments. They indicated that the fallout from these vulnerabilities could extend beyond individual instances, creating a shared infrastructure risk. If an attacker exploits a flaw on one tenant’s workflow, they could potentially breach other tenants’ data due to the shared nature of the underlying infrastructure.
Recommended Actions for n8n Users
In light of these discoveries, Pillar Security has emphasized the importance of taking immediate action. Although n8n Cloud customers are likely to have already received the fixes automatically, users who self-host n8n should update to version 2.10.1, 2.9.3, or 1.123.22, depending on the release line they run.
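For self-hosters with more than one instance, the fixed versions above are easiest to apply as a triage check. The following is an added example, not Pillar Security's or n8n's tooling: it compares a running version string against the fixed release of its own line. The handling of versions outside the listed lines (a later minor on the same major treated as patched, an earlier one as vulnerable, any other major as unknown) is an assumption of this example, not a statement from the advisory, and the inventory is constructed.

```python
import re

# Fixed releases named in the advisory, one per release line.
# Assumptions (not from the advisory): a version at or above the fixed release
# of its own major.minor line is patched; a later minor on the same major is
# treated as patched; an earlier minor on the same major as vulnerable; any
# other major is reported as "unknown" so a human checks the vendor notes.
FIXED_VERSIONS = ("2.10.1", "2.9.3", "1.123.22")

def parse_version(text):
    """Turn 'v1.123.22' into a comparable (major, minor, patch) tuple.
    Pre-release/build suffixes are accepted but ignored for comparison."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

FIXED = [parse_version(f) for f in FIXED_VERSIONS]

def assess(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for a running n8n version."""
    v = parse_version(version_text)
    same_major = [f for f in FIXED if f[0] == v[0]]
    if not same_major:
        return "unknown"
    for fixed in same_major:
        if fixed[1] == v[1]:                      # same release line: direct compare
            return "patched" if v >= fixed else "vulnerable"
    if v > max(same_major):
        return "patched"                          # assumed: a later line carries the fix
    if v < min(same_major):
        return "vulnerable"                       # assumed: older than every fixed line
    return "unknown"                              # a minor sitting between fixed lines

def triage(version_strings):
    """Assess a collection of version strings, e.g. gathered from several hosts."""
    return {s: assess(s) for s in version_strings}

if __name__ == "__main__":
    inventory = ["2.10.0", "2.10.1", "2.9.2", "1.123.22", "1.120.4", "2.8.5", "3.0.0"]  # constructed
    for host_version, verdict in triage(inventory).items():
        print(f"{host_version:>10}  {verdict}")
```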
Furthermore, researchers advise all users to rotate any and all stored credentials if they find a vulnerable workflow within their n8n deployment. "Any instance running an affected version could have exposed N8N_ENCRYPTION_KEY, which decrypts every credential stored in the platform," the researchers noted, stressing the critical need for heightened security measures.
In summary, these critical vulnerabilities within the n8n platform not only underscore the risks associated with workflow automation tools but also highlight the importance of ongoing vigilance, regular updates, and proactive measures to ensure data security in an increasingly interconnected technological landscape.