We have published security patches and security advisories for a set of recently discovered high- or critical-severity security vulnerabilities affecting n8n.
These vulnerabilities have been fixed in the following n8n versions:
- 1.x: Versions < 1.123.22 are patched in 1.123.22
- Stable: Versions >= 2.0.0 < 2.9.3 are patched in 2.9.3
- Beta: Versions >= 2.10.0 < 2.10.1 are patched in 2.10.1
The relevant security advisories are available here:
- CVE-2026-27577 — Expression Sandbox Escape Leading to RCE (Critical) (GHSA-vpcf-gvg4-6qwr)
- CVE-2026-27497 — Remote Code Execution via Merge Node (Critical) (GHSA-wxx7-mcgf-j869)
- CVE-2026-27495 — Sandbox Escape in JavaScript Task Runner (Critical) (GHSA-jjpj-p2wh-qf23)
- CVE-2026-27498 — Arbitrary Command Execution via File Write and Git Operations (Critical) (GHSA-x2mw-7j39-93xq)
- CVE-2026-27494 — Python Code Node Sandbox Escape (Critical) (GHSA-mmgg-m5j7-f83h)
- CVE-2026-27493 — Unauthenticated Expression Evaluation via Form Node (High) (GHSA-75g8-rv7v-32f7)
- CVE-2026-27578 — Stored XSS via Various Nodes (High) (GHSA-2p9h-rqjw-gm92)
If you are running a version below the fixed version for your release branch, please upgrade to the applicable fixed version (or later) as soon as possible to protect your instance.
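The fixed-version ranges listed in this post, expressed as a check that can be run over an inventory of self-hosted instances. This is an added example, not code from n8n; the host names and sample inventory are constructed, and treating every release below 1.123.22 (including pre-1.0 releases) as affected is an assumption from reading the "< 1.123.22" range literally. Version strings that are not plain `X.Y.Z` are flagged for manual review rather than guessed at.

```python
import re

# Affected ranges from the advisory: (branch, inclusive lower bound, fixed version).
# A lower bound of None means "everything below the fixed version".
AFFECTED_RANGES = [
    ("1.x", None, (1, 123, 22)),
    ("Stable", (2, 0, 0), (2, 9, 3)),
    ("Beta", (2, 10, 0), (2, 10, 1)),
]
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse 'X.Y.Z' (optional leading 'v') into a tuple of ints."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def required_upgrade(version):
    """Return the fixed version for an affected release, or None if not listed."""
    parsed = parse_version(version)
    # Compare numerically: as strings, "1.123.9" would sort after "1.123.22".
    for _branch, lower, fixed in AFFECTED_RANGES:
        if (lower is None or parsed >= lower) and parsed < fixed:
            return ".".join(str(part) for part in fixed)
    return None


def triage(inventory):
    """Map each host to an action string based on its reported n8n version."""
    report = {}
    for host, version in inventory.items():
        try:
            fixed = required_upgrade(version)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        report[host] = f"upgrade to {fixed} or later" if fixed else "not in a listed range"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {"automation-01": "1.123.9", "automation-02": "2.9.3",
              "automation-03": "v2.10.0", "automation-04": "2.11.0-rc"}
    for host, action in triage(sample).items():
        print(f"{host}: {action}")
```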
n8n Cloud: Cloud instances have already been patched (or are being patched) proactively by the n8n team. No customer action is required for n8n Cloud.
We will update this post if our guidance changes.
The n8n Security Team