Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
11 March 2026
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.
The vulnerabilities are listed below -
CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE)
CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated