Description
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host. The vulnerability requires a specific workflow configuration to be exploitable. First, a form node must have a field that interpolates a value provided by an unauthenticated user, e.g. a submitted form value. Second, that field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double evaluation of the field content. There is no practical reason for a workflow designer to prefix a field with `=` intentionally: the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance. Even when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: review usage of form nodes manually for the above-mentioned preconditions, disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable, and/or disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
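As an added example (not code from the n8n project or from this advisory), a review script for the temporary mitigations above: it walks an exported workflow JSON, which n8n exports as a top-level `nodes` array whose entries carry `type` and `parameters`, lists Form and Form Trigger parameters that meet both stated preconditions, and checks whether `NODES_EXCLUDE` (assumed here to hold a JSON array string) disables both node types. The expression references it looks for (`$json`, `$input`, `$(`) and the sample workflow are constructed assumptions; the result is a candidate list for the manual review the advisory asks for, not an exploitability verdict.

```python
import json
import os
import re

# The two node types the advisory says to review or disable.
FORM_NODE_TYPES = {"n8n-nodes-base.form", "n8n-nodes-base.formTrigger"}
# Expression fragments that read data submitted through a form (assumed set; extend as needed).
USER_DATA_REFS = re.compile(r"\$json\b|\$input\b|\$\(")

def _string_params(value, path=()):
    """Yield (dotted path, string) for every string nested under a node's parameters."""
    if isinstance(value, str):
        yield ".".join(map(str, path)), value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from _string_params(item, path + (key,))
    elif isinstance(value, list):
        for idx, item in enumerate(value):
            yield from _string_params(item, path + (idx,))

def find_risky_form_fields(workflow):
    """Form-node parameters that start with '=' (expression syntax) and interpolate submitted data."""
    findings = []
    for node in workflow.get("nodes", []):
        if node.get("type") not in FORM_NODE_TYPES:
            continue  # only Form / Form Trigger nodes are in scope for this advisory
        for path, text in _string_params(node.get("parameters", {})):
            if text.startswith("=") and USER_DATA_REFS.search(text):
                findings.append({"node": node.get("name"), "parameter": path, "value": text})
    return findings

def form_nodes_excluded(env=None):
    """True when NODES_EXCLUDE (assumed JSON array string) disables both form node types."""
    env = os.environ if env is None else env
    try:
        excluded = set(json.loads(env.get("NODES_EXCLUDE", "[]")))
    except (json.JSONDecodeError, TypeError):
        return False  # unparsable value cannot be relied on as a mitigation
    return FORM_NODE_TYPES <= excluded

# Constructed sample export in the standard n8n layout (top-level "nodes" list); not a real workflow.
SAMPLE_WORKFLOW = {"nodes": [
    {"name": "Form Trigger", "type": "n8n-nodes-base.formTrigger",
     "parameters": {"formTitle": "Sign-up", "formFields": {"values": [{"fieldLabel": "Name"}]}}},
    {"name": "Confirm", "type": "n8n-nodes-base.form",  # flagged: '=' prefix plus $json reference
     "parameters": {"formFields": {"values": [
         {"fieldLabel": "=Confirm details for {{ $json.Name }}"}]}}},
    {"name": "Sheet", "type": "n8n-nodes-base.googleSheets", "parameters": {"documentId": "={{ $json.Name }}"}},
]}
```

Run `find_risky_form_fields(json.load(open("workflow.json")))` against each exported workflow; only the Confirm node's field label is reported for the sample above, since the Sheet node is not a form node.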
Published: 2026-02-25
Score: 9.5 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

A second-order expression injection flaw exists in the Form nodes of n8n. By submitting form data that begins with an equals sign, an unauthenticated attacker can cause the system to evaluate the content twice, allowing injection of arbitrary n8n expressions. When this injection is chained with an expression sandbox escape vulnerability, the attacker can execute code on the host machine. The vulnerability is limited to the data available in the n8n expression context unless this escalation path is taken.

Affected Systems

This flaw affects n8n releases older than 2.10.1, 2.9.3, and 1.123.22. The affected vendor is n8n-io and the product is n8n, usable on Node.js environments.

Risk and Exploitability

The CVSS base score of 9.5 indicates critical severity. The EPSS score of less than 1 % shows that exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to provide specially crafted form input on a configured workflow that evaluates expressions without sanitization, and then chain a sandbox escape. If those conditions are met, the result is remote code execution. The primary attack vector is unauthenticated submission of a malicious form.

Generated by OpenCVE AI on April 18, 2026 at 10:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22 or later to remove the vulnerability.
  • If immediate upgrade is not possible, prevent exploitation by disabling the Form node and the Form Trigger node using the NODES_EXCLUDE environment variable (e.g., set NODES_EXCLUDE to include "n8n-nodes-base.form" and "n8n-nodes-base.formTrigger").
  • Manually review existing workflows for fields that begin with an equals sign and remove or sanitize them so that user-supplied data is not treated as an expression.

Advisories

Source: GitHub GHSA
ID: GHSA-75g8-rv7v-32f7
Title: n8n has Unauthenticated Expression Evaluation via Form Node
History

Thu, 05 Mar 2026 16:30:00 +0000

Values added:
  • CPEs: cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
  • Metrics (cvssV3_1): {'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Sat, 28 Feb 2026 04:15:00 +0000

Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Values added:
  • First Time appeared: N8n; N8n n8n
  • Vendors & Products: N8n; N8n n8n

Wed, 25 Feb 2026 22:30:00 +0000

Values added:
  • Description: (same text as the Description section above)
  • Title: n8n has Unauthenticated Expression Evaluation via Form Node
  • Weaknesses: CWE-94, CWE-95
  • References: (not shown)
  • Metrics (cvssV4_0): {'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T20:27:26.036Z

Reserved: 2026-02-19T19:46:03.542Z

Link: CVE-2026-27493

Vulnrichment

Updated: 2026-02-26T20:27:17.468Z

NVD

Status : Analyzed

Published: 2026-02-25T23:16:20.440

Modified: 2026-03-05T16:29:28.867

Link: CVE-2026-27493

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z

Weaknesses