Two New Critical n8n Vulnerabilities Disclosed
Security researchers have published technical details of two now-patched critical security flaws in n8n, the widely-deployed open-source workflow automation platform, following responsible disclosure to the vendor.
The vulnerabilities — a CVSS 9.4 expression sandbox escape (CVE-2026-27577) and a high-severity credential store exposure flaw — both affect n8n versions prior to 1.88.0 and can be chained together to achieve remote code execution and full credential theft from a compromised n8n deployment.
The disclosure arrives on the same day CISA added a separate n8n RCE flaw (CVE-2025-68613, CVSS 9.9) to its Known Exploited Vulnerabilities catalog, compounding urgency for all n8n operators.
The Two Vulnerabilities
CVE-2026-27577 — Expression Sandbox Escape (CVSS 9.4)
CVE-2026-27577 is an expression sandbox escape vulnerability in n8n's workflow expression evaluation system. n8n allows users to embed dynamic expressions within workflow nodes using {{ }} syntax. This is implemented via a JavaScript sandbox intended to prevent access to the host system.
The flaw enables authenticated users with workflow creation permissions to craft expressions that bypass the sandbox boundary and execute arbitrary code on the n8n server. Researchers found that specific JavaScript patterns — exploiting how the sandbox handles certain object property access chains — can reach Node.js native modules, providing a path to system-level command execution.
| Attribute | Value |
|---|---|
| CVE | CVE-2026-27577 |
| CVSS | 9.4 (Critical) |
| Auth Required | Yes (workflow editor access) |
| Impact | Remote code execution on n8n host |
| Root Cause | Incomplete sandbox isolation in expression evaluator |
Attack scenario:
1. Attacker has n8n user account (or compromises one via phishing/credential stuffing)
2. Creates a workflow with a crafted expression in any node
3. Expression escapes the sandbox via object property chain
4. Commands execute as the n8n process — full shell access
5. Attacker pivots to connected services via stolen credentials
High-Severity Credential Store Exposure
The second vulnerability allows an attacker to extract stored credentials from n8n's credential manager without requiring access to the credentials' plaintext in the UI. The flaw exists in how n8n handles certain workflow node configurations, enabling an attacker with workflow editor access to construct a workflow that triggers the n8n backend to include raw credential values in API responses or node execution output.
n8n's credential store holds OAuth tokens, API keys, database passwords, cloud provider credentials, and service account keys for every integration configured in the platform. For enterprise n8n deployments, this can represent hundreds of sensitive secrets across dozens of connected services.
| Attribute | Value |
|---|---|
| Severity | High |
| Auth Required | Yes (workflow editor access) |
| Impact | Extraction of all stored integration credentials |
| Root Cause | Insufficient redaction of credential values in workflow execution context |
Chaining the Vulnerabilities
When combined, these two flaws represent a complete compromise chain for an attacker with n8n user-level access:
Step 1: Credential Leak Flaw
→ Extract API keys, OAuth tokens, database credentials from n8n store
Step 2: CVE-2026-27577 Sandbox Escape
→ Achieve RCE on n8n host
→ Access filesystem, environment variables, network
→ Full pivot to connected infrastructure
For organizations where n8n has admin-equivalent integrations — AWS admin roles, GitHub organization tokens, production database access — this chain enables complete environment compromise from a single n8n user account.
Relationship to CVE-2025-68613
These newly disclosed CVEs are distinct from CVE-2025-68613 (CVSS 9.9, also patched in n8n 1.88.0), which CISA added to its KEV catalog on March 11 based on confirmed active exploitation.
The broader picture: n8n 1.88.0 addresses multiple critical and high-severity vulnerabilities simultaneously, including the actively-exploited CISA KEV entry and these newly-disclosed research findings. Any organization still running n8n below 1.88.0 is exposed to all of these issues.
Who Is at Elevated Risk
| Environment | Risk Level | Reason |
|---|---|---|
| SOAR / Security Automation | Critical | n8n holds SIEM, ticket, and response tool credentials |
| DevOps / CI/CD Pipelines | Critical | GitHub, cloud, registry, and deployment credentials |
| Data Integration Platforms | High | Database credentials and API keys |
| IT Automation | High | Active Directory, ITSM, monitoring credentials |
| SaaS Workflow Automation | Medium-High | OAuth tokens for business SaaS platforms |
Remediation
Update to n8n 1.88.0 immediately. All three critical/high vulnerabilities (CVE-2025-68613, CVE-2026-27577, and the credential exposure flaw) are addressed in this release.
Post-Update Actions
- Rotate all credentials stored in n8n — assume any secrets stored in a pre-patch instance may have been accessed
- Audit workflow execution logs — look for workflows containing unusual expressions or accessing credential data unexpectedly
- Review user accounts — ensure no unauthorized accounts exist; enforce MFA for all n8n users
- Check connected service audit logs — verify no unusual API activity originated from n8n service accounts
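The workflow audit in the second bullet can start from an n8n workflow export. The script below is an added example, not code from the advisory or the n8n project; it assumes n8n's JSON export layout (a top-level `nodes` array, each node carrying `parameters`) and a heuristic token list of prototype-chain and host-object names that a benign expression has no reason to reference.

```python
import json
import re

# Heuristic indicator list (an assumption of this example, not taken from the
# advisory): property-chain tokens a benign n8n expression has no reason to use.
TOKEN_RE = re.compile(
    r"\b(constructor|__proto__|prototype|process|require|child_process|globalThis)\b"
)
EXPR_RE = re.compile(r"\{\{(.*?)\}\}", re.S)   # bodies of n8n {{ ... }} expressions

def iter_expressions(value, path=""):
    """Walk a node's parameters recursively, yielding (path, expression body)."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from iter_expressions(v, f"{path}.{k}" if path else k)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from iter_expressions(v, f"{path}[{i}]")
    elif isinstance(value, str):
        for m in EXPR_RE.finditer(value):
            yield path, m.group(1).strip()

def find_suspicious_expressions(workflow):
    """Return one finding per expression that references a flagged token."""
    findings = []
    for node in workflow.get("nodes", []):
        for path, expr in iter_expressions(node.get("parameters", {})):
            tokens = sorted(set(TOKEN_RE.findall(expr)))
            if tokens:
                findings.append({"node": node.get("name"), "path": path,
                                 "expression": expr, "tokens": tokens})
    return findings

# Constructed sample export (not a real workflow): one benign expression, one
# that walks the prototype chain, one that reaches for the process environment.
SAMPLE_WORKFLOW = json.loads("""{"name": "demo", "nodes": [
  {"name": "Set", "parameters": {"values": {"string": [
     {"name": "greeting", "value": "={{ 'Hello ' + $json.firstName }}"}]}}},
  {"name": "HTTP Request", "parameters": {"url": "={{ $json.url }}",
     "headers": {"x-debug": "={{ $json.data.__proto__.constructor.name }}"}}},
  {"name": "Slack", "parameters": {"text": "={{ process.env.DB_PASSWORD }}"}}
]}""")

if __name__ == "__main__":
    for f in find_suspicious_expressions(SAMPLE_WORKFLOW):
        print(f"[{f['node']}] {f['path']}: {f['expression']}  <- {f['tokens']}")
```

Run it against every exported workflow on a pre-1.88.0 instance; a hit is a lead for the execution-log review, not proof of compromise, since the token list will also flag some legitimate expressions.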
Principle of Least Privilege for n8n
Going forward, apply least-privilege practices to n8n's integration credentials:
- Grant n8n only the minimum permissions needed for each workflow
- Use dedicated service accounts for n8n rather than admin credentials
- Rotate n8n credentials on a schedule — treat them as short-lived secrets
- Enable audit logging in all systems connected to n8n