CVE-2026-27495
Published: 25 February 2026
Description
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (the default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the sandbox escape vulnerability by requiring timely patching to fixed n8n versions 2.10.1, 2.9.3, or 1.123.22.
- Enforces least privilege to restrict workflow creation and modification permissions to fully trusted users, blocking exploitation by less-privileged authenticated attackers.
- Establishes secure configuration settings such as `N8N_RUNNERS_MODE=external` to isolate Task Runners and limit the blast radius of sandbox escapes.
Security Summary
CVE-2026-27495 is a code injection vulnerability (CWE-94) in the JavaScript Task Runner sandbox of n8n, an open source workflow automation platform. It affects versions prior to 2.10.1, 2.9.3, and 1.123.22, enabling an authenticated user with permission to create or modify workflows to execute arbitrary code outside the sandbox boundary. The vulnerability requires Task Runners to be enabled via the N8N_RUNNERS_ENABLED=true setting.
An attacker with valid credentials and workflow creation or modification permissions can exploit this issue remotely with low complexity and no user interaction, earning a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). On instances using the default internal Task Runners, exploitation leads to full compromise of the n8n host. On setups with external Task Runners, the attacker could gain access to or impact other tasks executed on the Task Runner.
The vulnerability is patched in n8n versions 2.10.1, 2.9.3, and 1.123.22; users are advised to upgrade immediately. As temporary mitigations, administrators should restrict workflow creation and editing to fully trusted users and switch to external runner mode (N8N_RUNNERS_MODE=external) to reduce the blast radius, though these do not fully eliminate the risk. Additional details are available in the n8n security advisory (GHSA-jjpj-p2wh-qf23) and task runner documentation.
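The exposure conditions stated above (an affected version, Task Runners enabled, and internal versus external runner mode) can be turned into a repeatable inventory check. The following script is an added example written for this page, not code from n8n or from the advisory. It encodes only the fixed versions and the two environment variables the advisory names; treating 2.11 and later and 3.x as fixed, and 0.x releases as affected, is an assumption, and the sample environments at the bottom are constructed for illustration.

```python
"""Exposure check for CVE-2026-27495 (added example, not n8n's own code).

From the advisory: affected n8n versions are those prior to 1.123.22 (1.x line),
2.9.3 (2.x up to 2.9) and 2.10.1 (2.10 line); the bug is only reachable when
N8N_RUNNERS_ENABLED=true; internal runner mode (the default) means the host can
be compromised, while external mode limits the blast radius to the runner.
Assumption: 2.11+ and 3.x shipped after the fix; 0.x releases are affected.
"""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Minimum fixed version for each affected release line (from the advisory).
FIXED_1X: Version = (1, 123, 22)
FIXED_2_9: Version = (2, 9, 3)    # covers the 2.0 .. 2.9 range
FIXED_2_10: Version = (2, 10, 1)

# Short verdict codes and their meaning for reports.
VERDICT_TEXT = {
    "fixed": "version carries the fix",
    "not-reachable": "affected version, but Task Runners are disabled",
    "vulnerable-external": "vulnerable; external runners limit the blast radius to the runner",
    "vulnerable-internal": "vulnerable; internal runners allow full host compromise",
}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' (a leading 'v' or a '-rc.1' suffix is ignored)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected_version(text: str) -> bool:
    """True if this n8n version predates the fix on its release line."""
    v = parse_version(text)
    major, minor, _ = v
    if major == 1:
        return v < FIXED_1X
    if major == 2:
        if minor <= 9:
            return v < FIXED_2_9
        if minor == 10:
            return v < FIXED_2_10
        return False          # assumption: 2.11+ released after the fix
    return major < 1          # assumption: 0.x affected, 3.x+ fixed


def assess(version: str, env: Dict[str, str]) -> Dict[str, object]:
    """Combine the version with the runner configuration into a verdict code."""
    # The advisory says runners must be enabled explicitly, so unset means off.
    runners_enabled = env.get("N8N_RUNNERS_ENABLED", "").strip().lower() == "true"
    # The advisory names internal as the default mode when nothing is set.
    mode = env.get("N8N_RUNNERS_MODE", "").strip().lower() or "internal"
    affected = is_affected_version(version)

    if not affected:
        verdict = "fixed"
    elif not runners_enabled:
        verdict = "not-reachable"
    elif mode == "external":
        verdict = "vulnerable-external"
    else:
        verdict = "vulnerable-internal"

    return {
        "version": version,
        "affected_version": affected,
        "runners_enabled": runners_enabled,
        "runner_mode": mode,
        "verdict": verdict,
        "detail": VERDICT_TEXT[verdict],
    }


if __name__ == "__main__":
    # Constructed sample environments; run against real `n8n --version`
    # output and the process environment of each instance in practice.
    samples = [
        ("2.10.0", {"N8N_RUNNERS_ENABLED": "true"}),
        ("2.9.2", {"N8N_RUNNERS_ENABLED": "true", "N8N_RUNNERS_MODE": "external"}),
        ("1.123.21", {}),
        ("2.10.1", {"N8N_RUNNERS_ENABLED": "true"}),
    ]
    for ver, sample_env in samples:
        result = assess(ver, sample_env)
        print(f"{ver:>9}  {result['verdict']:<20}  {result['detail']}")
```

The per-line comparison matters because a plain "less than 2.10.1" test would wrongly flag 2.9.3, which is a fixed release on its own line. The `not-reachable` verdict still reports an affected version, since enabling runners later would immediately reopen the issue; upgrading remains the only complete remediation.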
Details
- CWE(s): CWE-94 (Improper Control of Generation of Code, 'Code Injection')
- Affected Products: n8n prior to versions 2.10.1, 2.9.3, and 1.123.22, with Task Runners enabled
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Code injection (CWE-94) in the public-facing n8n JavaScript Task Runner sandbox directly enables remote exploitation for arbitrary code execution (T1190, Exploit Public-Facing Application) via JavaScript (T1059.007, Command and Scripting Interpreter: JavaScript), and escalation from workflow-editor permissions to host-level control (T1068, Exploitation for Privilege Escalation).