Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

2026-03-11

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Two critical security vulnerabilities in the n8n workflow automation platform have been disclosed and patched, enabling remote code execution and credential theft.

•CVE-2026-27577 (CVSS 9.4): A sandbox escape in n8n's expression compiler allows authenticated users to achieve RCE via crafted workflow expressions.
•CVE-2026-27493 (CVSS 9.5): An unauthenticated double-evaluation bug in Form nodes allows arbitrary shell command execution through public form endpoints without any login.
•Chaining both vulnerabilities can escalate to full RCE on the n8n host and expose the N8N_ENCRYPTION_KEY, enabling decryption of all stored credentials including AWS keys, OAuth tokens, and API keys.
•Two additional RCE flaws (CVE-2026-27495, CVE-2026-27497) were also patched in versions 2.10.1, 2.9.3, and 1.123.22.

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture