BotBeat

RESEARCH · n8n · 2026-03-20

Critical RCE Vulnerability Discovered in n8n Workflow Automation Platform (CVE-2026-27577)

Key Takeaways

  • A critical RCE vulnerability in n8n's expression sandbox can be exploited by authenticated users with workflow editing permissions to execute arbitrary code on the server
  • The vulnerability chains two separate flaws: a CallExpression-based sandbox bypass and unsanitized node name injection into expression templates
  • The PrototypeSanitizer's limitation in checking only Identifier nodes allows attackers to wrap dangerous function references in function calls to evade detection
Source: Hacker News, https://www.striga.ai/research/breaking-n8n-expression-sandbox

Summary

Security researchers have discovered a critical vulnerability (CVE-2026-27577) in n8n, the popular open-source workflow automation platform used by over 230,000 active users, that allows authenticated users with workflow editing permissions to achieve Remote Code Execution on the server. The vulnerability combines two distinct security flaws: a bypass of the expression sandbox's PrototypeSanitizer, the check meant to prevent extension of dangerous base classes like Function, and node name injection points that lack proper sanitization. By leveraging a CallExpression wrapper to disguise a Function reference as a non-Identifier node, attackers can bypass the sandbox restriction and extend the Function class, enabling arbitrary code execution on the server.

The first vulnerability exploits the fact that n8n's PrototypeSanitizer only checks for Identifier nodes when validating class declarations but ignores CallExpression nodes. An attacker can write class Z extends (() => Function)() {} to extend the Function class at runtime without triggering validation errors. The second vulnerability stems from multiple code locations where node names are directly interpolated into expression strings without sanitization, allowing workflow editors to inject malicious JavaScript code through node renaming. When chained together, these vulnerabilities provide a direct path from node name manipulation to full remote code execution, including access to environment variables, database credentials, and encryption keys. The vulnerability has been assigned a CVSS 4.0 score of 9.4 (Critical) and was discovered during a security assessment using Striga, an AI-driven vulnerability detection platform.

  • Multiple code locations across the codebase interpolate user-controlled node names directly into expressions without escaping or validation, creating injection vectors
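As an added illustration (not n8n's code), the walker below runs over hand-built ESTree-shaped class nodes and contrasts an Identifier-only superclass check, which the wrapped form described above slips past, with a check that rejects any superclass that is not a plain Identifier; the banned-name set and node shapes are assumptions for the example.

```javascript
// Added example, not n8n's PrototypeSanitizer. Models the Identifier-only
// superclass check and a hardened variant over constructed ESTree nodes.
const BANNED = new Set(['Function']); // assumption: illustrative deny-list

// Collect every class declaration/expression anywhere in the tree.
function collectClasses(node, out = []) {
  if (!node || typeof node !== 'object') return out;
  if (Array.isArray(node)) { node.forEach(n => collectClasses(n, out)); return out; }
  if (node.type === 'ClassDeclaration' || node.type === 'ClassExpression') out.push(node);
  for (const key of Object.keys(node)) if (key !== 'type') collectClasses(node[key], out);
  return out;
}

// Identifier-only check: the limitation the article describes. A superclass
// that is a CallExpression is never inspected, so it passes.
function weakCheck(ast) {
  return collectClasses(ast).every(cls => {
    const sup = cls.superClass;
    return !(sup && sup.type === 'Identifier' && BANNED.has(sup.name));
  });
}

// Hardened check: a superclass must be a plain, non-banned Identifier. Any
// other node kind (CallExpression, MemberExpression, ...) is rejected because
// its runtime value cannot be determined statically.
function strictCheck(ast) {
  return collectClasses(ast).every(cls => {
    const sup = cls.superClass;
    return !sup || (sup.type === 'Identifier' && !BANNED.has(sup.name));
  });
}

// Constructed ASTs for `class Z extends Function {}` and
// `class Z extends (() => Function)() {}` (hand-written, ESTree shape).
const id = name => ({ type: 'Identifier', name });
const classBody = { type: 'ClassBody', body: [] };
const directExtend = { type: 'Program', body: [
  { type: 'ClassDeclaration', id: id('Z'), superClass: id('Function'), body: classBody } ] };
const wrappedExtend = { type: 'Program', body: [
  { type: 'ClassDeclaration', id: id('Z'), body: classBody,
    superClass: { type: 'CallExpression', arguments: [],
      callee: { type: 'ArrowFunctionExpression', params: [], expression: true, body: id('Function') } } } ] };
const benignExtend = { type: 'Program', body: [
  { type: 'ClassDeclaration', id: id('A'), superClass: id('Base'), body: classBody } ] };

console.log('weak/wrapped passes:', weakCheck(wrappedExtend));   // true: the bypass
console.log('strict/wrapped passes:', strictCheck(wrappedExtend)); // false: rejected
```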

Editorial Opinion

This vulnerability highlights a critical gap in n8n's defense-in-depth approach to sandboxing. While the PrototypeSanitizer represents a reasonable first-line defense, its narrow focus on Identifier nodes demonstrates how AST-based security can be circumvented through relatively simple code transformations. The discovery underscores the importance of AI-assisted security scanning in identifying subtle evasion techniques that might escape traditional code review. Organizations running n8n should prioritize patching immediately, and the n8n team should conduct a comprehensive audit of all expression evaluation and variable interpolation points to prevent similar vulnerabilities.

Tags: Cybersecurity, AI Safety & Alignment, Open Source
