Expression Injection Vulnerability in n8n Open Source Workflow Automation Platform

CVE-2026-27493

What is CVE-2026-27493?

CVE-2026-27493 is a second-order expression injection vulnerability found in n8n, an open-source workflow automation platform used to automate tasks and integrate various applications. This particular vulnerability affects versions prior to 2.10.1, 2.9.3, and 1.123.22 and pertains specifically to the platform’s Form nodes, which are integral for user interaction within workflows. An unauthenticated attacker could exploit this vulnerability by injecting and evaluating arbitrary n8n expressions through crafted form data, using a specific workflow configuration. The exploitable conditions require a field input to interpolate values provided by unauthenticated users, particularly those prefixed with an equal sign (=), leading the system to treat them as executable expressions. If this injection is combined with another vulnerability that allows an escape from the expression sandbox, it could potentially lead to remote code execution on the underlying host, making it a severe security risk for organizations using the platform.

Potential impact of CVE-2026-27493

1. Remote Code Execution Risk: If successfully exploited, this vulnerability can be chained with an expression sandbox escape to execute arbitrary code on the n8n host, potentially compromising the entire system and leading to significant data loss or system manipulation.

2. Unauthorized Data Access: The vulnerability allows attackers to inject expressions that may access sensitive data within the n8n expression context, raising concerns about data breaches and unauthorized exposure of confidential information.

3. Compromise of Workflow Integrity: Given n8n's role in automating business processes and workflows, an attacker leveraging this vulnerability could undermine the integrity of these workflows, leading to operational disruptions and loss of trust in automated processes within an organization.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References