AI / ML CVE-2026-1470
CRITICALSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.
An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
AnalysisAI
n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through crafted workflow expressions.
Technical ContextAI
n8n has a CWE-95 eval injection in the workflow Expression evaluator. Fifth critical n8n vulnerability discovered.
RemediationAI
Update n8n. All five RCE vulnerabilities must be addressed.
MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication i
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerabilit
Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary
Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes
Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the e
enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Er
A remote code execution vulnerability in langchain-ai/langchain (CVSS 10.0). Risk factors: public PoC available. Vendor
Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary fil
WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as
OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS
Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.
SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database c
Same weakness CWE-95 – Eval Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-5xrp-6693-jjx9