Platform
nodejs
Component
n8n
Fixed versions
1.123.23
2.0.1
2.10.1
1.123.22
CVE-2026-27495 is a Remote Code Execution (RCE) vulnerability in n8n, a workflow automation platform. An authenticated user with workflow creation or modification privileges can exploit a flaw in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. The vulnerability is a significant threat because it can lead to full compromise of the n8n host, particularly in the default internal Task Runner mode. Affected versions are those earlier than the fixed release for their branch (see the fixed-version list above); upgrade to a patched version to resolve the issue.
The impact of CVE-2026-27495 is severe. An attacker who can create or modify workflows within an n8n instance can leverage this vulnerability to execute arbitrary code outside the intended sandbox boundary. In instances using the default internal Task Runner mode, this can result in complete compromise of the n8n server, giving the attacker full control over the host. Even with external Task Runners, the attacker could gain access to, or tamper with, other tasks executed on the same Task Runner. Exploitation requires Task Runners to be enabled via the environment variable N8N_RUNNERS_ENABLED=true, which is the default configuration.
CVE-2026-27495 was publicly disclosed on 2026-02-25. The vulnerability's severity is rated as CRITICAL (CVSS 9.5). Currently, there are no publicly available exploits, but the ease of exploitation given authenticated access makes it a high-priority concern. It is not listed on the CISA KEV catalog as of this writing.
Organizations heavily reliant on n8n for workflow automation, particularly those using the default internal Task Runner configuration, are at significant risk. Environments where user access controls are not strictly enforced, allowing unauthorized users to create or modify workflows, are especially vulnerable.
• nodejs / server:
ps aux | grep n8n
Check for unusual processes in the n8n environment, in particular child processes (shells, network or download tools) spawned by the n8n or task-runner process during workflow execution.
• nodejs / server:
journalctl -u n8n -f | grep -i error
Monitor n8n logs for error messages or suspicious activity related to task execution.
• nodejs / server:
n8n --version
Confirm the running n8n version is at or above the fixed release for its branch (1.123.22, 2.0.1 or 2.10.1 per the list above); for Docker deployments run it inside the container (docker exec <container> n8n --version). Grepping HTTP response headers for a single version string cannot establish "1.123.22 or later" and should not be used as the verification step.
Exploitation status
disclosure
EPSS
0.08% (23rd percentile)
CISA SSVC
The primary mitigation for CVE-2026-27495 is to upgrade n8n to a fixed release for your branch (1.123.22, 2.0.1 or 2.10.1 or later). If an immediate upgrade is not feasible, reduce the attack surface as the advisory recommends: restrict workflow creation and editing to trusted users, and run Task Runners in external mode (N8N_RUNNERS_MODE=external) so that escaped code lands on the runner rather than on the n8n host. Setting N8N_RUNNERS_ENABLED=false does not stop workflow creation or modification and is not among the advisory's recommended workarounds; treat it with caution. Review existing workflows, and especially Code nodes, for unexpected JavaScript. Monitor n8n logs for unusual activity related to task execution. After upgrading, confirm the fix by checking the running version with n8n --version.
Upgrade n8n to 2.10.1, 2.9.3 or 1.123.22 or later. If you cannot upgrade immediately, restrict workflow creation and editing permissions to trusted users and/or use external execution mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. Note that these alternatives do not fully mitigate the risk and should only be used as short-term measures.
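The detection commands and the mitigation guidance above can be turned into one check. The script below is an added example written for this page, not n8n project code: it compares a version string against the fixed releases this page lists (1.123.22, 2.0.1, 2.9.3, 2.10.1), reports any branch the page does not cover as "unknown" rather than guessing, and classifies Task Runner exposure from the N8N_RUNNERS_ENABLED and N8N_RUNNERS_MODE variables using the defaults the page states (enabled, internal). It assumes the n8n CLI is on PATH when run with --live, and that the first major.minor.patch triple in `n8n --version` output is the n8n version.

```sh
#!/bin/sh
# Added example for this page, not n8n project code.
# Classifies an n8n install against CVE-2026-27495 using (a) the fixed
# releases listed on this page and (b) the Task Runner environment variables
# the advisory names. Branches not listed on the page are reported as
# "unknown" rather than guessed.

# Minimum fixed release per release branch (major.minor), taken from this page.
fixed_for_branch() {
  case "$1" in
    1.123) printf '%s\n' 1.123.22 ;;
    2.0)   printf '%s\n' 2.0.1 ;;
    2.9)   printf '%s\n' 2.9.3 ;;
    2.10)  printf '%s\n' 2.10.1 ;;
    *)     printf '%s\n' "" ;;
  esac
}

# Numeric compare of two major.minor.patch strings: prints -1, 0 or 1.
vercmp() {
  old_ifs=$IFS
  IFS=.
  set -- $1 $2            # $1..$3 = left version, $4..$6 = right version
  IFS=$old_ifs
  for pair in "$1:$4" "$2:$5" "$3:$6"; do
    l=${pair%%:*}; r=${pair#*:}
    if [ "${l:-0}" -lt "${r:-0}" ]; then printf '%s\n' -1; return; fi
    if [ "${l:-0}" -gt "${r:-0}" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# Prints "fixed", "vulnerable" or "unknown" for a version such as 1.123.21.
n8n_status() {
  branch=${1%.*}                      # 1.123.21 -> 1.123
  target=$(fixed_for_branch "$branch")
  if [ -z "$target" ]; then printf '%s\n' unknown; return; fi
  if [ "$(vercmp "$1" "$target")" -ge 0 ]; then
    printf '%s\n' fixed
  else
    printf '%s\n' vulnerable
  fi
}

# Exposure class from N8N_RUNNERS_ENABLED ($1) and N8N_RUNNERS_MODE ($2).
# Unset values fall back to the defaults this page states: enabled, internal.
runner_exposure() {
  enabled=${1:-true}
  mode=${2:-internal}
  case "$enabled" in
    false|0) printf '%s\n' runners-disabled; return ;;
  esac
  case "$mode" in
    external) printf '%s\n' external-runner ;;   # escaped code lands on the runner
    *)        printf '%s\n' internal-runner ;;   # escaped code lands on the n8n host
  esac
}

# Live mode: run on the n8n host, or inside the container via docker exec.
# Assumption: the first major.minor.patch triple printed by `n8n --version`
# is the n8n version.
if [ "${1:-}" = "--live" ]; then
  ver=$(n8n --version 2>/dev/null | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1)
  printf 'n8n %s: %s\n' "$ver" "$(n8n_status "$ver")"
  printf 'task runners: %s\n' "$(runner_exposure "${N8N_RUNNERS_ENABLED:-}" "${N8N_RUNNERS_MODE:-}")"
fi
```

Run it as `sh check.sh --live` in the same environment that starts n8n (or `docker exec <container> sh check.sh --live`) so the N8N_RUNNERS_* variables it reads are the ones the process actually sees; an "internal-runner" result on a "vulnerable" version is the host-compromise case the advisory describes.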
CVE-2026-27495 is a critical Remote Code Execution vulnerability in n8n that lets an authenticated user with workflow creation or modification rights execute arbitrary code by escaping the JavaScript Task Runner sandbox.
You are affected if you run an n8n version earlier than the fixed release for your branch (1.123.22, 2.0.1 or 2.10.1 per the list above) with Task Runners enabled, which is the default (N8N_RUNNERS_ENABLED=true).
Upgrade n8n to a fixed release. As a short-term measure only, restrict workflow creation and editing to trusted users and run Task Runners in external mode (N8N_RUNNERS_MODE=external) to limit the blast radius; the advisory notes these do not fully mitigate the risk.
While no public exploits are currently known, the vulnerability's ease of exploitation makes it a high-priority concern.
Refer to the official n8n security advisory on their website or GitHub repository for the latest information.