www.darkreading.com 1/29/2026, 10:36:14 PM · via preferred

More Critical Flaws on n8n Could Compromise Customer Security

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch available

According to a blog post by JFrog security researcher Nathan Nehorai, two critical vulnerabilities in the AI workflow platform n8n could allow attackers to hijack an organisation's n8n service by bypassing sandbox protections and executing code remotely. The flaws, CVE-2026-1470 and CVE-2026-0863, carry severity scores of 9.9 and 8.5 respectively: the first enables remote code execution on the host, while the second affects Python execution when it runs directly on the server rather than inside a container.

All n8n versions prior to 1.123.17, 2.4.5 or 2.5.1 are vulnerable to CVE-2026-1470, while CVE-2026-0863 affects versions earlier than 1.123.14, 2.3.5 or 2.4.2. The disclosure comes just weeks after Ni8mare, CVE-2026-21858, a separate critical unauthenticated RCE affecting an estimated 100,000 servers worldwide. Organisations using n8n are urged to keep their n8n instances off the Internet, enforce strong authentication, minimise execution privileges and avoid relying on static validation. The disclosures underscore the growing security risks as enterprises increasingly integrate LLMs into workflows. 29 January 2026.
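Because each of the two CVEs was backported to several n8n release branches, a deployment is only safe if it sits at or above the fix for its own major.minor branch (or on a later branch), so a naive "is my version newer than 1.123.17" check gets 2.x wrong. The following is an added example, not code from the article, JFrog or the n8n project: it encodes only the fixed versions the article quotes and reports, per CVE, whether a given version string is vulnerable, patched, or on a major line the article does not cover. The function and constant names are the example's own. Remember that CVE-2026-0863 only matters in deployments that run Python execution on the server rather than inside a container.

```python
"""Version-range check for the two n8n CVEs quoted in the article above.

Added example: the fix versions are those stated in the article, not data
pulled from any vendor or JFrog tooling. Function names are this example's own.
"""

# Minimum fixed version per release branch, as quoted in the article.
FIXED_VERSIONS = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}


def parse_version(text):
    """Turn '2.4.5' (optionally 'v2.4.5') into the tuple (2, 4, 5).

    Pre-release tags such as '2.4.5-rc1' are rejected rather than guessed at,
    so a surprising string surfaces as an error instead of a silent 'patched'.
    """
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def status_for(version, fixes):
    """Return 'vulnerable', 'patched' or 'unknown' for one CVE's fix list."""
    v = parse_version(version)
    fixed = [parse_version(f) for f in fixes]
    same_major = [f for f in fixed if f[0] == v[0]]
    if not same_major:
        # The article names no fix on this major line; do not assume safety.
        return "unknown"
    # If our exact major.minor branch received a backport and we are below it,
    # we are vulnerable even though a lower branch's fix compares "smaller".
    for f in same_major:
        if f[:2] == v[:2] and v < f:
            return "vulnerable"
    # Otherwise we are patched only if we are at or beyond some fix on this
    # major line (covers later branches such as 2.6.x that carry the fix).
    return "patched" if any(v >= f for f in same_major) else "vulnerable"


def assess(version):
    """Map every CVE in FIXED_VERSIONS to its status for the given version."""
    return {cve: status_for(version, fixes) for cve, fixes in FIXED_VERSIONS.items()}


if __name__ == "__main__":
    # Constructed sample inventory of n8n instances to illustrate the output.
    for v in ["1.123.13", "1.123.16", "2.3.5", "2.4.4", "2.5.0", "2.6.0"]:
        print(v, assess(v))
```

Running the block prints one line per constructed sample version; 2.5.0, for instance, is reported vulnerable to CVE-2026-1470 (below the 2.5.1 backport) but patched for CVE-2026-0863, which is the branch-aware distinction a plain numeric comparison would miss.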


Article by CyberSIXT