{"id":207348,"date":"2026-01-28T07:43:00","date_gmt":"2026-01-28T12:43:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/two-high-severity-n8n-flaws-allow-authenticated-remote-code-execution\/"},"modified":"2026-01-28T09:15:07","modified_gmt":"2026-01-28T14:15:07","slug":"two-high-severity-n8n-flaws-allow-authenticated-remote-code-execution","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/two-high-severity-n8n-flaws-allow-authenticated-remote-code-execution\/","title":{"rendered":"Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/two-high-severity-n8n-flaws-allow.html\">Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/two-high-severity-n8n-flaws-allow.html\">https:\/\/thehackernews.com\/2026\/01\/two-high-severity-n8n-flaws-allow.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-28 07:43:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Jan 28, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Workflow Automation<\/span><\/p>\n<p>Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.<\/p>\n<p>The weaknesses, discovered by the JFrog Security Research team, are listed below &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-1470<\/strong> (CVSS score: 9.9) &#8211; An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n&#8217;s main node by passing specially crafted JavaScript code<\/li>\n<li><strong>CVE-2026-0863<\/strong> (CVSS score: 8.5) &#8211; An eval injection vulnerability that could allow an authenticated user to bypass n8n&#8217;s python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system<\/li>\n<\/ul>\n<p>Successful exploitation of the flaws could permit an attacker to hijack an entire n8n instance, including under scenarios where it&#8217;s operating under &#8220;internal&#8221; execution mode. In its documentation, n8n notes that using internal mode in production environments can pose a security risk, urging users to switch to external mode to ensure proper isolation between n8n and task runner processes.<\/p>\n<p><img decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgqlhh16hjmE7NRyQeAR2_sLZ1uDwyQH2jkPHmDTAtveTHoIjCrfmK6JLqlZuNKOPG1RGLtwJk-ZJDwQiV-McwmzAUu1iOSwwMjs_tqI1KjcL_tCvc0M2XuKBPfJ1RXpKxnx-eGdWwM0wlNDnUYHvXr-1LZk2zRmDNLIEbYGalGQJsd6QwC0pyCrLavN0fz\/s728-e100\/threatlocker-inside-d.png\" width=\"729\" height=\"91\"\/><\/p>\n<p>&#8220;As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, functions, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others,&#8221; JFrog said in a statement shared with The Hacker News. &#8220;This results in escapes giving a hacker an effective &#8220;skeleton key&#8221; to the entire corporation.&#8221;<\/p>\n<p>To address the flaws, users are advised to update to the following versions &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-1470<\/strong> &#8211; 1.123.17, 2.4.5, or 2.5.1<\/li>\n<li><strong>CVE-2026-0863<\/strong> &#8211; 1.123.14, 2.3.5, or 2.4.2<\/li>\n<\/ul>\n<p>The development comes merely weeks after Cyera Research Labs detailed a maximum-severity security flaw in n8n (CVE-2026-21858 aka Ni8mare) that allows an unauthenticated remote attacker to gain complete control over susceptible instances.<\/p>\n<p>&#8220;These&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/two-high-severity-n8n-flaws-allow.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution https:\/\/thehackernews.com\/2026\/01\/two-high-severity-n8n-flaws-allow.html Publish Date: 2026-01-28 07:43:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207349,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhW94x6FIasfUAUj1l0mDp4cnVeR5PmfPV85I4_GuIlUqCVlMX0bthAcsA9oHJJz8d3gXUo74yw4d2kG3FnDnFe0zz_CzVY6Hyy8biL_gMKKaErWM3p15lAdh5xQnBBb6RhHSgKmpM3RLx1wccjhlKJc6I6lrO8M7SFIs3ezfEXuieA11PIJ1D7Z4nSaLb2\/s1700-e365\/n8n.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,35,17,27],"class_list":["post-207348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-hacker","tag-llm","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207348"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207348"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207348\/revisions"}],"predecessor-version":[{"id":207350,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207348\/revisions\/207350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207349"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}