CVE-2026-27577
Command Injection via Expression Evaluation in n8n Workflows
Publication date: 2026-02-25
Last updated on: 2026-03-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | to 1.123.22 (exc) |
| n8n | n8n | From 2.0.0 (inc) to 2.9.3 (exc) |
| n8n | n8n | From 2.10.0 (inc) to 2.10.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects n8n, an open source workflow automation platform. Before certain fixed versions, an authenticated user with permission to create or modify workflows could exploit crafted expressions in workflow parameters to execute unintended system commands on the host running n8n.
The issue arises from expression evaluation in workflows, allowing command execution beyond intended scope.
The vulnerability has been patched in n8n versions 2.10.1, 2.9.3, and 1.123.22.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
How can this vulnerability impact me? :
If exploited, this vulnerability allows an authenticated user with workflow creation or modification permissions to execute arbitrary system commands on the host running n8n.
This could lead to unauthorized control over the system, data compromise, service disruption, or further attacks within the environment.
Temporary mitigations include limiting workflow creation and editing permissions to fully trusted users and deploying n8n in a hardened environment with restricted OS privileges and network access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, users should upgrade n8n to versions 2.10.1, 2.9.3, or 1.123.22, or later, where the issue has been fixed.
If upgrading is not immediately possible, administrators should limit workflow creation and editing permissions to fully trusted users only.
Additionally, deploying n8n in a hardened environment with restricted operating system privileges and network access can reduce the impact of potential exploitation.
Note that these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.