January 28, 2026 By Bill Toulas
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
Identified as CVE-2026-1470 and CVE-2026-0863, the vulnerabilities were discovered and reported by researchers at DevSecOps company JFrog.
Despite requiring authentication, CVE-2026-1470 received a critical severity score of 9.9 out of 10. JFrog explained that the critical rating was due to arbitrary code execution occurring in n8n’s main node, which allows complete control over the n8n instance.
n8n is an open-source workflow automation platform that lets users link applications, APIs, and services into complex processes using a visual editor.
With more than 200,000 weekly downloads on npm, the library is used for task automation and supports integrations with AI and large language model (LLM) services.
The two vulnerabilities discovered by JFrog can be summarized as follows:
- CVE-2026-1470 – An AST sandbox escape caused by improper handling of the JavaScript with statement allows a standalone constructor identifier to bypass sanitization and resolve to Function, enabling arbitrary JavaScript execution and resulting in full RCE on the main n8n node.
- CVE-2026-0863 – A Python AST sandbox escape that combines format-string–based object introspection with Python 3.10+ AttributeError.obj behavior to regain access to restricted builtins and imports, allowing execution of OS commands and full RCE when Python runs as a subprocess on the main n8n node.