Critical n8n Sandbox Escapes Enable Remote Code Execution
Take action: If you are using n8n, make sure it is isolated from the internet and accessible to trusted users only. Then patch n8n to version 1.123.17 or 2.4.5 (or later) for CVE-2026-1470, and to version 1.123.14 or 2.3.5 (or later) for CVE-2026-0863. The CVE-2026-1470 patch is the higher priority. Also configure Python nodes to run in 'External' mode for better process isolation.
Learn More
The n8n workflow automation platform has disclosed two more sandbox escape vulnerabilities that allow authenticated users to run arbitrary commands on the host server. Despite recent security enhancements, researchers found ways to bypass the Abstract Syntax Tree (AST) validation, letting an attacker go from simple workflow creation to full system takeover on self-hosted instances.
Vulnerabilities summary:
- CVE-2026-1470 (CVSS score 9.9) - A sandbox escape in the JavaScript expression engine that uses the 'with' statement to achieve remote code execution. Attackers can use this language feature to trick the security scanner into granting access to the Function constructor. This bypasses the 'Tournament' library, which n8n uses to block dangerous global objects and prototype manipulation. Because this code runs inside the main n8n process, a successful exploit gives the attacker immediate control over the entire application environment.
- CVE-2026-0863 (CVSS score 8.5) - A high-severity escape targeting the Python Code node when it runs in 'Internal' mode. Researchers combined Python string formatting with a specific change in Python 3.10 exception handling to recover restricted objects. By triggering an AttributeError, they could read its 'obj' attribute to regain restricted functions such as '__import__'. This allows the execution of operating system commands even when the platform blocks the standard built-in functions.
n8n has patched its cloud service, but self-hosted users must update their installations immediately.
To fix CVE-2026-1470 (CVSS score 9.9), organizations should upgrade to versions 1.123.17, 2.4.5, or later.
For CVE-2026-0863 (CVSS score 8.5), the fix is available in versions 1.123.14, 2.3.5, or later.
Administrators should also switch Python execution to 'External' mode, which uses Docker sidecars to isolate code from the main server.
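The remediation steps above can be turned into a quick exposure check for a self-hosted instance. The script below is an added example, not n8n's own tooling: it compares the installed version against the fixed versions per release line for both CVEs and flags an in-process Python runner. It assumes the task-runner mode is read from an environment variable named N8N_RUNNERS_MODE (an assumption; confirm the variable name against your n8n deployment docs).

```python
import re
from typing import Dict, List, Optional, Tuple

# Minimum patched version per release line, as stated in the advisory.
FIXED_VERSIONS: Dict[str, Dict[int, Tuple[int, int, int]]] = {
    "CVE-2026-1470": {1: (1, 123, 17), 2: (2, 4, 5)},
    "CVE-2026-0863": {1: (1, 123, 14), 2: (2, 3, 5)},
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the first x.y.z triple from strings like 'n8n@1.123.16' or 'v2.4.5'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in match.groups())
    return (major, minor, patch)


def vulnerable_cves(version: str) -> Dict[str, bool]:
    """Map each CVE to True when the installed version predates its fix on that release line."""
    installed = parse_version(version)
    exposure: Dict[str, bool] = {}
    for cve, fixes in FIXED_VERSIONS.items():
        fix = fixes.get(installed[0])
        # A release line the advisory does not list is treated as unpatched, never as safe.
        exposure[cve] = True if fix is None else installed < fix
    return exposure


def assess(version: str, runners_mode: Optional[str]) -> List[str]:
    """Return remediation findings. runners_mode is the assumed N8N_RUNNERS_MODE value (None if unset)."""
    findings: List[str] = []
    major = parse_version(version)[0]
    for cve, vuln in vulnerable_cves(version).items():
        if vuln:
            fix = FIXED_VERSIONS[cve].get(major)
            target = ".".join(map(str, fix)) if fix else "a patched release line"
            findings.append(f"{cve}: {version} is unpatched, upgrade to {target} or later")
    # Internal (in-process) Python execution is the mode CVE-2026-0863 targets.
    if (runners_mode or "internal").lower() != "external":
        findings.append("Python Code node runs in-process; set task runners to 'external' mode")
    return findings


if __name__ == "__main__":
    # Constructed sample: a 1.x instance one patch behind the CVE-2026-1470 fix, runner mode unset.
    for line in assess("n8n@1.123.16", None):
        print(line)
```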