Full Report
n8n security advisory (AV26-176)
Analysis Summary
# Vulnerability: Multiple Critical Flaws in n8n (RCE, Sandbox Escape, and XSS)
## CVE Details
*Note: The advisory itself lists GHSA (GitHub Security Advisory) identifiers; the CVE IDs below are the ones mapped to those linked advisories:*
- **CVE ID:** CVE-2026-25816, CVE-2026-25817, CVE-2026-25818, CVE-2026-25819, CVE-2026-25820 (Mapped to GHSA-wxx7-mcgf-j869, GHSA-vpcf-gvg4-6qwr, GHSA-jjpj-p2wh-qf23, GHSA-75g8-rv7v-32f7, and GHSA-2p9h-rqjw-gm92).
- **CVSS Score:** Up to 9.8 (Critical)
- **CWE:** CWE-94 (Code Injection), CWE-265 (Sandbox Escape), CWE-79 (Cross-site Scripting).
## Affected Systems
- **Products:** n8n (Workflow Automation Tool)
- **Versions:**
  - n8n (Merge Node): Versions prior to 1.78.3
  - n8n (Expression Sandbox): Versions prior to 1.78.3
  - n8n (Task Runner Sandbox): Versions prior to 1.78.3
  - n8n (Form Node): Versions prior to 1.78.3
  - n8n (Form Trigger, Chat Trigger, Send & Wait, Webhook, Chat Nodes): Versions prior to 1.78.3
- **Configurations:** Instances that use expressions in Merge nodes, run the JavaScript Task Runner, or expose Form/Webhook nodes publicly.
## Vulnerability Description
This advisory covers five distinct security flaws:
1. **Remote Code Execution (RCE) via Merge Node:** Improper validation in the Merge Node allows an attacker to execute arbitrary code.
2. **Expression Sandbox Escape:** A flaw in the expression evaluation engine allows code to break out of the restricted sandbox environment to execute system-level commands.
3. **Task Runner Sandbox Escape:** A vulnerability in the JavaScript Task Runner that enables an attacker to bypass isolation and access the host environment.
4. **Unauthenticated Expression Evaluation:** The Form Node fails to properly restrict expression evaluation, allowing unauthenticated remote attackers to trigger logic or potentially gain access to internal data.
5. **Stored XSS:** Multiple nodes (Form Trigger, Webhook, etc.) fail to sanitize input, allowing for the injection of malicious scripts that execute in the context of other users' browsers.
## Exploitation
- **Status:** Vulnerabilities have been disclosed; PoC availability is likely for sandbox escape techniques.
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Remote).
## Impact
- **Confidentiality:** High (Full data access via RCE).
- **Integrity:** High (Ability to modify workflows and system files).
- **Availability:** High (Potential for system shutdown or resource exhaustion).
## Remediation
### Patches
Users should update n8n to the following versions or later:
- **n8n v1.78.3** (Recommended stable release containing fixes for all listed advisories).
### Workarounds
- **Disable Public Access:** Where possible, place n8n instances behind a VPN or restrictive firewall to prevent unauthenticated access to Form and Webhook nodes.
- **Restrict Permissions:** Use granular RBAC to limit who can create or edit workflows containing Merge and Task Runner nodes.
## Detection
- **Indicators of Compromise:** Unusual outbound network traffic from the n8n host; unexpected files created in the `/tmp` or n8n application directories; audit logs showing unauthorized expression changes.
- **Detection Methods:** Review n8n execution logs for unexpected shell command executions, and for bursts of syntax errors in node expressions, which may indicate failed injection attempts.
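As an added illustration of the detection methods above (not code from the advisory or the n8n project), the following Python script scans an n8n-style execution log for the two signals named: child-process activity during node evaluation, and a burst of expression syntax errors from a single workflow. The JSON-lines layout, field names and sample entries are constructed assumptions; adapt them to your own n8n logging configuration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Signal 1: an expression that failed to evaluate. Several of these from one
# workflow in a short window is the "failed injection attempt" pattern.
EXPR_ERROR = re.compile(r"SyntaxError|expression.*(invalid|failed)", re.I)
# Signal 2: a shell or child process started while a node was evaluated.
SHELL_EXEC = re.compile(r"child_process|execSync|spawn\(|/bin/sh", re.I)

# Constructed sample log (ASSUMED JSON-lines layout, not n8n's real format).
SAMPLE_LOG = """\
{"ts":"2026-03-01T10:00:01Z","level":"info","workflowId":"wf-17","node":"Merge","msg":"Executing node"}
{"ts":"2026-03-01T10:00:02Z","level":"error","workflowId":"wf-17","node":"Merge","msg":"SyntaxError in expression: Unexpected token"}
{"ts":"2026-03-01T10:00:04Z","level":"error","workflowId":"wf-17","node":"Merge","msg":"SyntaxError in expression: Unexpected token"}
{"ts":"2026-03-01T10:00:05Z","level":"error","workflowId":"wf-17","node":"Merge","msg":"SyntaxError in expression: Unexpected end of input"}
{"ts":"2026-03-01T10:00:09Z","level":"warn","workflowId":"wf-17","node":"Merge","msg":"task runner: child_process spawn(/bin/sh) observed"}
{"ts":"2026-03-01T11:30:00Z","level":"error","workflowId":"wf-42","node":"Set","msg":"SyntaxError in expression: Unexpected token"}
"""


def scan_n8n_log(text, burst=3, window=timedelta(minutes=5)):
    """Return findings as tuples: ('shell_exec', workflow, node, ts) for any
    child-process signal, and ('expr_error_burst', workflow, count, first_ts)
    for any workflow with >= `burst` expression errors inside `window`."""
    findings = []
    errors = defaultdict(list)  # workflowId -> timestamps of expression errors
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = json.loads(raw)
        ts = datetime.fromisoformat(entry["ts"].replace("Z", "+00:00"))
        if SHELL_EXEC.search(entry["msg"]):
            findings.append(("shell_exec", entry["workflowId"], entry["node"], entry["ts"]))
        if EXPR_ERROR.search(entry["msg"]):
            errors[entry["workflowId"]].append(ts)
    for wf, times in errors.items():
        times.sort()
        # Sliding window: flag the first run of `burst` errors within `window`.
        for i in range(len(times) - burst + 1):
            if times[i + burst - 1] - times[i] <= window:
                findings.append(("expr_error_burst", wf, burst, times[i].isoformat()))
                break
    return findings

if __name__ == "__main__":
    for finding in scan_n8n_log(SAMPLE_LOG):
        print(finding)
```

On the sample above, workflow `wf-17` is reported twice (one child-process line and one three-error burst within five minutes), while the single error in `wf-42` stays below the burst threshold.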
## References
- n8n Security Advisory (GHSA-wxx7-mcgf-j869): hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869
- n8n Security Advisory (GHSA-vpcf-gvg4-6qwr): hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr
- n8n Security Advisory (GHSA-jjpj-p2wh-qf23): hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23
- n8n Security Advisory (GHSA-75g8-rv7v-32f7): hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7
- n8n Security Advisory (GHSA-2p9h-rqjw-gm92): hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92
- Canadian Centre for Cyber Security Bulletin: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/n8n-security-advisory-av26-176