How to fix CVE-2026-27495?

Within 24 hours: Inventory all n8n deployments and identify which versions are running (check if below 1.123.22, 2.9.3, or 2.10.1). Restrict workflow creation/modification permissions to only essential administrators and audit recent workflow changes for suspicious activity. Within 7 days: Implement network segmentation to isolate n8n instances and their connected systems; deploy enhanced logging and monitoring on n8n instances for unusual code execution patterns. Within 30 days: Upgrade to patched versions (1.123.22, 2.9.3, or 2.10.1 or later) once available, or migrate to alternative workflow automation platforms if upgrade timeline is uncertain.

Is AI / ML affected by CVE-2026-27495?

A critical vulnerability in n8n workflow automation platform allows authenticated users to bypass security controls and execute arbitrary code on affected systems.

CVE-2026-27495

CRITICAL

2026-02-25 [email protected]

GHSA-jjpj-p2wh-qf23

9.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 25, 2026 - 23:16 nvd

CRITICAL 9.9

Description

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Analysis

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Remediation

Within 24 hours: Inventory all n8n deployments and identify which versions are running (check if below 1.123.22, 2.9.3, or 2.10.1). Restrict workflow creation/modification permissions to only essential administrators and audit recent workflow changes for suspicious activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +50

POC: 0

CVE-2026-27495 vulnerability details – vuln.today

Back

CVE-2026-27495

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-27495

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code