Critical Zero-Click Flaw in n8n Allows Full Server Compromise

https://www.infosecurity-magazine.com/news/critical-zeroclick-flaw-n8n-pillar/

Publish Date: 2026-03-12 11:28:00

Source Domain: www.infosecurity-magazine.com

Researchers at Pillar Security have found two new critical vulnerabilities in self-hosted and cloud n8n deployments.

n8n is a popular open-source workflow automation platform that powers hundreds of thousands of enterprise AI systems worldwide.

One of the flaws, tracked as CVE-2026-27493, can lead to full takeover of a server without the target clicking on anything and without the attacker needing to be authenticated.

Both vulnerabilities affect n8n Cloud as well as self-hosted n8n instances.

Sandbox Escape Flaw: CVE-2026-27577 Explained

In December 2025, Pillar Security reported two maximum-severity (CVSS score of 10) sandbox escape vulnerabilities to n8n that could allow attackers to achieve complete server control and steal any stored credentials.

These findings prompted n8n to release an initial patch update in December followed by nine security fixes in early 2026. When applied, these security updates would fix the initial vulnerabilities found by Pillar Security.

However, the security researchers continued investigating n8n in February and found two additional flaws that were not addressed by the December-January security patches.

The first was initially reported by GitHub as CVE-2026-27577 on February 25.

This sandbox escape in the expression compiler is caused by a missing case in the AST rewriter, which lets expressions slip through untransformed and gives any authenticated attacker full remote code execution (RCE).

The Pillar Security researchers emphasized that, because n8n is a credential vault by function and stores keys to every system it connects to, a single sandbox escape exposes the n8n instance and every connected system.

“Post-exploitation is straightforward: the attacker reads the N8N_ENCRYPTION_KEY environment variable and uses it to decrypt every credential stored in n8n’s database: AWS keys, database passwords, OAuth tokens, API keys,” they wrote in a March 11 report.

CVE-2026-27577 has been assigned a critical severity rating of…