SECURITYWEEK reports two vulnerabilities, one critical and one high severity, in the n8n AI workflow automation platform that could allow attackers to perform remote code execution, according to JFrog. The flaws, tracked as CVE-2026-1470 (CVSS 9.9) and CVE-2026-0863 (CVSS 8.5), affect n8n’s AST-based sandbox and could be abused via weaknesses in the sanitisation logic applied to the Abstract Syntax Tree.
CVE-2026-1470 was found in the expression evaluation engine and could let an attacker execute arbitrary JavaScript. CVE-2026-0863 concerns the Python code execution flow of the Code node: when the node runs in the Internal configuration, Python is executed as a subprocess on the main node, so a bypass there could compromise the entire instance. JFrog notes that bypassing AST-based protections remains possible because the parser still supports a deprecated statement.
The two vulnerabilities have been addressed in n8n: CVE-2026-1470 in versions 1.123.17, 2.4.5 and 2.5.1, and CVE-2026-0863 in versions 1.123.14, 2.3.5 and 2.4.2. Written by Ionut Arghire, the piece highlights the ongoing challenge of safely sandboxing dynamic languages like JavaScript and Python.