CYBERSECURITY researchers have disclosed two high-severity flaws in the n8n workflow automation platform, identified as CVE-2026-1470 and CVE-2026-0863, with CVSS scores of 9.9 and 8.5 respectively.
Both are eval injection vulnerabilities that could let an authenticated user bypass sandbox protections and achieve remote code execution on the main node or the underlying operating system via the Python task executor sandbox, potentially allowing an attacker to hijack an entire n8n instance even in internal execution mode. The flaws were uncovered by the JFrog Security Research team, who warned that such sandbox escapes highlight the difficulty of safely sandboxing dynamic languages like JavaScript and Python.
To mitigate the risk, the article recommends updating to specific versions: CVE-2026-1470 in 1.123.17, 2.4.5, or 2.5.1, and CVE-2026-0863 in 1.123.14, 2.3.5, or 2.4.2, with references to prior related issues such as CVE-2026-21858 noted as a maximum-severity flaw disclosed weeks earlier. According to JFrog, these vulnerabilities illustrate how deprecations or rare constructs, combined with interpreter changes, can break sandbox controls and enable remote code execution.