Print - 【Vulnerability Alert】Four Critical Security Vulnerabilities Identified in n8n

【Vulnerability Alert】Four Critical Security Vulnerabilities Identified in n8n

publish date : 2026-03-05 update date : 2026-03-05

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026030209034040	Publication Time	2026/03/02 09:44
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/03/02 09:44
Impact Level	Low
[Subject] [Vulnerability Alert] Four Critical Security Vulnerabilities Identified in SolarWinds Serv-U Software
[Content] Forwarded from TWCERTCC-200-202602-00000016 n8n is an open-source workflow automation tool that connects various applications through a visual drag-and-drop interface, allowing users to automate repetitive tasks without writing code. Recently, n8n released a critical security advisory. 【CVE-2026-27495, CVSS: 9.4】 This vulnerability allows an authenticated attacker with permission to own or modify workflows to exploit a vulnerability in the JavaScript task execution sandbox and execute arbitrary code outside the sandbox boundary. 【CVE-2026-27493, CVSS: 9.5】 This is a second-order expression injection vulnerability. An unauthenticated attacker can inject and execute arbitrary n8n expressions through specially crafted form data. When combined with the expression sandbox escape mechanism, it may lead to remote code execution on the n8n host. 【CVE-2026-27577, CVSS: 9.4】 This vulnerability allows an authenticated attacker with permission to create or modify workflows to exploit specially crafted workflow parameter expressions, triggering unauthorized system commands on the n8n host during execution. 【CVE-2026-27498, CVSS: 9.0】 This vulnerability allows an authenticated attacker with permission to create or modify workflows to leverage Git operations linked to the “Read/Write Files from Disk” node, which may result in remote code execution. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] 【CVE-2026-27495, CVE-2026-27493, CVE-2026-27577】 n8n versions prior to 1.123.22, n8n versions from 2.0.0 to prior to 2.9.3, n8n versions from 2.10.0 to prior to 2.10.1 【CVE-2026-27498】 n8n versions prior to 1.123.8, n8n versions prior to 2.2.0
[Recommended Actions] 【CVE-2026-27495, CVE-2026-27493, CVE-2026-27577】 Please update to the following versions: n8n version 1.123.22 and later versions, n8n version 2.9.3 and later versions, n8n version 2.10.1 and later versions 【CVE-2026-27498】 Please update to the following versions: n8n version 1.123.8 and later versions, n8n version 2.2.0 and later versions
[Reference] https://www.twcert.org.tw/tw/cp-169-10739-e7e58-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center