Description
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Published: 2026-02-25
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the JavaScript Task Runner sandbox used by n8n. This is a CWE‑94 weakness, where malicious input can be executed outside the intended sandbox. An authenticated user who can create or modify workflows can trigger a sandbox escape that allows arbitrary code execution outside the constrained environment. On instances using internal Task Runners (the default runner mode), this can result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on that Task Runner.

Affected Systems

The affected vendor is n8n‑io and the affected product is n8n. Versions prior to 2.10.1, 2.9.3, and 1.123.22 are vulnerable. Upgrading to any of these patched releases or later versions resolves the issue.

Risk and Exploitability

With a CVSS score of 9.4, this flaw is rated critical. EPSS indicates a very low probability of exploitation at the time of this analysis, but attackers with legitimate workflow privileges still pose a significant risk. The flaw is not in the CISA KEV catalog, yet the combination of high severity and the ability to fully escape the sandbox makes remediation a top priority.

Generated by OpenCVE AI on April 18, 2026 at 10:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22 or later to remediate the CWE‑94 sandbox escape vulnerability.
  • Restrict workflow creation and editing rights to trusted users only to mitigate the risk of CWE‑94 exploitation when an upgrade cannot be performed immediately.
  • Consider configuring the task runner for external mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius of a potential CWE‑94 attack.


Advisories
Source: GitHub GHSA
ID: GHSA-jjpj-p2wh-qf23
Title: n8n has a Sandbox Escape in its JavaScript Task Runner

History

Wed, 04 Mar 2026 03:45:00 +0000

Values removed: none
Values added:
  • CPEs: cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
  • Metrics (cvssV3_1): {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Fri, 27 Feb 2026 03:15:00 +0000

Values removed: none
Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Feb 2026 13:30:00 +0000

Values removed: none
Values added:
  • First Time appeared: N8n; N8n n8n
  • Vendors & Products: N8n; N8n n8n

Wed, 25 Feb 2026 22:30:00 +0000

Values removed: none
Values added:
  • Description: n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
  • Title: n8n has a Sandbox Escape in its JavaScript Task Runner
  • Weaknesses: CWE-94
  • References:
  • Metrics (cvssV4_0): {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T20:28:18.099Z

Reserved: 2026-02-19T19:46:03.542Z

Link: CVE-2026-27495

Vulnrichment

Updated: 2026-02-26T20:28:13.952Z

NVD

Status: Analyzed

Published: 2026-02-25T23:16:20.853

Modified: 2026-03-04T03:41:31.603

Link: CVE-2026-27495

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z

Weaknesses