CVE-2026-27494
Published: 25 February 2026
Summary
CVE-2026-27494 is a critical-severity Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) vulnerability in N8N N8N. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of flaws like this sandbox escape vulnerability through patching to versions 2.10.1, 2.9.3, or 1.123.22.
Enforces least privilege by restricting workflow creation and modification permissions to fully trusted users, preventing low-privilege authenticated attackers from exploiting the Python Code node.
Implements least functionality by disabling unnecessary features like the Python Code node via NODES_EXCLUDE environment variable, blocking the primary exploitation vector.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox escape in Python Code node of network-exposed workflow platform directly enables T1190 exploitation for RCE via T1059.006 Python, T1005 local file exfiltration, and T1068 privilege escalation to host compromise.
NVD Description
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently…
more
restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only., and/or disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Deeper analysisAI
CVE-2026-27494 is a sandbox escape vulnerability in n8n, an open source workflow automation platform. Affecting versions prior to 2.10.1, 2.9.3, and 1.123.22, the issue resides in the Python Code node, which fails to sufficiently restrict access to certain built-in Python objects. This allows an authenticated user with permission to create or modify workflows to bypass sandbox protections, enabling file content exfiltration or remote code execution (RCE). The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-497 (Legacy Detected: Side Channel Information Leak).
An attacker requires low-privilege authentication and workflow creation or modification permissions to exploit this via a malicious Python Code node. On default configurations using internal Task Runners, successful exploitation leads to full compromise of the n8n host. In setups with external Task Runners enabled via the N8N_RUNNERS_ENABLED=true environment variable, the attacker could gain access to or disrupt other tasks executed on the Task Runner.
The vulnerability is patched in n8n versions 2.10.1, 2.9.3, and 1.123.22; users are advised to upgrade immediately. As interim mitigations, administrators should restrict workflow creation and editing to fully trusted users and/or disable the Code node by setting the NODES_EXCLUDE environment variable to include n8n-nodes-base.code. These workarounds provide only partial protection and are not substitutes for patching. Details are available in the n8n security advisory (GHSA-mmgg-m5j7-f83h) and release notes for the fixed versions.
Details
- CWE(s)