Hi n8n team,
I would like to report a security issue related to environment variables being accessible from workflows.
Any user who can create a workflow can exfiltrate OS environment variables by using the Send Email node. For example, as shown in the attached screenshot, using the following expression in the email body:
{{ $env.DB_POSTGRESDB_PASSWORD }}
will send out the actual database password via email.
Steps to reproduce:
- Log into n8n with a regular user account (non-admin is enough).
- Create a new workflow.
- Add a “Send Email” node.
- In the HTML or text body field, enable expressions and insert: {{ $env.DB_POSTGRESDB_PASSWORD }}
- Execute the workflow.
- Check the received email – it contains the real value of the environment variable.
Actual behavior:
Any user who can create workflows can read and send out sensitive OS-level environment variables (such as database passwords) via email or other nodes.
This effectively allows users to exfiltrate credentials and other secrets from the host system.
Expected behavior:
Regular users should not be able to directly read OS environment variables, especially sensitive ones like passwords, API keys, tokens, etc.
Ideally, n8n should:
- Allow admins to disable or restrict access to $env.* in workflows, or
- Limit $env access to admins / privileged roles only, or
- Provide a whitelist of environment variables that can be accessed from workflows.
Impact:
Any compromised or malicious user account with workflow-creation permissions can very easily leak all environment variables (including database credentials and other secrets) by sending them via email or other integrations.
This is a serious security risk for production deployments.
Please let me know if you need more details, logs, or a minimal workflow example to reproduce this issue.
Thank you.
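
Added example, not part of the original report and not n8n's own code: a defender-side audit that walks exported workflow JSON and lists every node parameter that references `$env`, so existing workflows can be reviewed for the behaviour described above. It assumes the export has a `nodes` array whose entries carry `name`, `type` and `parameters`; the function names and the sample workflow are constructed for illustration.

```javascript
// Added example: audit exported n8n workflow JSON for $env references.
// Matches $env.NAME, $env["NAME"], and bare or dynamic uses of $env.
const ENV_REF = /\$env\b(?:\.([A-Za-z_]\w*)|\[\s*['"]([^'"]+)['"]\s*\])?/g;

// Recursively yield [path, string] for every string under a parameters object.
function* walkStrings(value, path) {
  if (typeof value === 'string') {
    yield [path, value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], `${path}[${i}]`);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, path ? `${path}.${k}` : k);
  }
}

// Return one finding per $env reference found in any node parameter.
function findEnvReferences(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const [path, text] of walkStrings(node.parameters || {}, '')) {
      for (const m of text.matchAll(ENV_REF)) {
        findings.push({
          workflow: workflow.name,
          node: node.name,
          nodeType: node.type,
          parameter: path,
          variable: m[1] || m[2] || '(dynamic or whole object)',
        });
      }
    }
  }
  return findings;
}

// Constructed sample export (assumed shape), using the variable named in the report.
const sampleWorkflow = {
  name: 'constructed-sample',
  nodes: [
    { name: 'Send Email', type: 'n8n-nodes-base.emailSend',
      parameters: { subject: 'Report',
                    text: '={{ $env.DB_POSTGRESDB_PASSWORD }}',
                    html: '=<p>{{ $env["DB_POSTGRESDB_PASSWORD"] }}</p>' } },
    { name: 'Set', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'greeting', value: 'hello' }] } } },
  ],
};

for (const f of findEnvReferences(sampleWorkflow)) {
  console.log(`${f.workflow} / ${f.node} / ${f.parameter}: ${f.variable}`);
}
```

Running the same function over every exported workflow gives a list of which workflows read which variables, which is also the starting point for building the whitelist the report proposes.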