N8n eval injection sandbox bypass flaws (multiple vulnerabilities)
Vulnerability
Summary
Two n8n eval-injection flaws, CVE-2026-1470 and CVE-2026-0863, now expose susceptible instances to authenticated remote code execution and arbitrary Python code execution. The bugs let a logged-in user bypass sandbox protections, creating a path to hijack an entire n8n instance. Fixed releases are available for both flaws, reducing risk on affected deployments.
Related Happenings
N8n sandbox escape flaws (multiple vulnerabilities)
Vulnerability
First: 04.02.2026 15:00
Last: 04.02.2026 15:00
Sources 1
About this happening:
Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
N8n form-based workflow file-read flaw (CVE-2026-21858)
Vulnerability
First: 07.01.2026 15:48
Last: 07.01.2026 15:48
Sources 1
About this happening:
**n8n** disclosed **CVE-2026-21858** (**CVSS 10.0**), a **maximum-severity** **Content-Type confusion** flaw in **form-based workflows** that can let an **unauthenticated remote a...
N8n Python Code Node sandbox bypass (CVE-2025-68668)
Vulnerability
First: 06.01.2026 07:08
Last: 06.01.2026 07:08
Sources 1
About this happening:
**n8n** disclosed **CVE-2026-21858** (“**Ni8mare**”), a **CVSS 10.0** vulnerability in **form-based workflows** that can let **remote unauthenticated attackers** access files on a...
Timeline
- 28.01.2026 14:43 · 3 articles
Researchers disclose n8n sandbox bypass flaws
Initial Disclosure
Researchers disclosed two n8n eval injection flaws, CVE-2026-1470 and CVE-2026-0863, that let an authenticated user bypass sandbox protections and execute code in susceptible n8n instances. CVE-2026-1470 can lead to full remote code execution on n8n's main node with specially crafted JavaScript code, while CVE-2026-0863 can run arbitrary Python code on the underlying operating system through n8n's python-task-executor sandbox. n8n operators were advised to upgrade to 1.123.17, 2.4.5, or 2.5.1 for CVE-2026-1470 and to 1.123.14, 2.3.5, or 2.4.2 for CVE-2026-0863, with internal execution mode noted as a security risk in production.
Sources
- Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution — thehackernews.com — 28.01.2026 14:43
- Critical and High Severity n8n Sandbox Flaws Allow RCE — www.infosecurity-magazine.com — 28.01.2026 18:00
- New sandbox escape flaw exposes n8n instances to RCE attacks — www.bleepingcomputer.com — 28.01.2026 19:46