CVE-2026-27577
Received Received - Intake

Command Injection via Expression Evaluation in n8n Workflows

Vulnerability report for CVE-2026-27577, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-25

Last updated on: 2026-03-04

Assigner: GitHub, Inc.

Description

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-25
Last Modified
2026-03-04
Generated
2026-07-06
AI Q&A
2026-02-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.22 (exc)
n8n n8n From 2.0.0 (inc) to 2.9.3 (exc)
n8n n8n From 2.10.0 (inc) to 2.10.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects n8n, an open source workflow automation platform. Before certain fixed versions, an authenticated user with permission to create or modify workflows could exploit crafted expressions in workflow parameters to execute unintended system commands on the host running n8n.

The issue arises from expression evaluation in workflows, allowing command execution beyond intended scope.

The vulnerability has been patched in n8n versions 2.10.1, 2.9.3, and 1.123.22.

Detection Guidance

I don't know

Impact Analysis

If exploited, this vulnerability allows an authenticated user with workflow creation or modification permissions to execute arbitrary system commands on the host running n8n.

This could lead to unauthorized control over the system, data compromise, service disruption, or further attacks within the environment.

Temporary mitigations include limiting workflow creation and editing permissions to fully trusted users and deploying n8n in a hardened environment with restricted OS privileges and network access.

Compliance Impact

I don't know

Mitigation Strategies

To mitigate this vulnerability immediately, users should upgrade n8n to versions 2.10.1, 2.9.3, or 1.123.22, or later, where the issue has been fixed.

If upgrading is not immediately possible, administrators should limit workflow creation and editing permissions to fully trusted users only.

Additionally, deploying n8n in a hardened environment with restricted operating system privileges and network access can reduce the impact of potential exploitation.

Note that these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart