
Security News
n8n

Four critical vulnerabilities (CVSS 9.4–9.5) in the n8n workflow automation platform create a chained attack path from unauthenticated remote code execution to full decryption of every credential stored in n8n’s database. The most dangerous entry point, CVE-2026-27493, requires no authentication and targets publicly exposed Form nodes by design. Because n8n functions as an integration hub connecting cloud services, databases, and SaaS platforms, a successful exploit extends the blast radius to every downstream service whose credentials are stored — making this a multi-system credential compromise, not just an RCE event.

The defining characteristic of this vulnerability set is the attack chain it enables, not any single CVE in isolation. CVE-2026-27493 (CVSS 9.5) is the critical entry point: a double-evaluation flaw in n8n’s Form nodes that allows unauthenticated attackers to submit crafted payloads through public-facing form endpoints and execute arbitrary shell commands on the host. Because Form nodes are designed to be externally accessible, organizations that have deployed n8n for customer-facing or internal workflow automation have unknowingly exposed a direct RCE surface to the internet with no credential barrier. Researcher Eilon Cohen at Pillar Security confirmed the chain: CVE-2026-27493 plus CVE-2026-27577 (CVSS 9.4, a sandbox escape via an incomplete AST rewriter allowing the ‘process’ object to pass untransformed) yields host-level code execution as an unauthenticated external attacker.

The credential exposure dimension is the most consequential aspect of this disclosure and the one most likely to be underweighted in initial triage. Successful exploitation of the RCE chain enables reading the N8N_ENCRYPTION_KEY environment variable — the master decryption key for every credential stored in n8n’s database. That single pivot converts an RCE into bulk credential theft: AWS access keys, OAuth tokens, database passwords, and API keys for every service n8n is connected to. Organizations should not model this as a server compromise. They should model it as a simultaneous breach of every integrated service. The credential exposure risk persists even after patching if the instance was network-accessible during the vulnerability window, because the N8N_ENCRYPTION_KEY and stored credentials may already have been exfiltrated.

The two authenticated CVEs, CVE-2026-27495 (CVSS 9.4, code injection in the JavaScript Task Runner sandbox) and CVE-2026-27497 (CVSS 9.4, SQL query mode abuse in the Merge node enabling code execution and arbitrary file writes), represent a second-tier threat that applies to insider threat scenarios and post-compromise lateral movement. Environments where n8n workflow editing rights are broadly distributed — DevOps pipelines, marketing automation teams, data engineering — face elevated risk from these vectors. Neither requires external access; both require only that an attacker hold a workflow editor account.

The affected version range is broad: all n8n versions below 1.123.22, all 2.x versions below 2.9.3, and 2.10.0. Both self-hosted and cloud deployments are affected. Patches are available in versions 2.10.1, 2.9.3, and 1.123.22, and all four CVEs are addressed in those releases. n8n’s published workarounds — excluding Form nodes via NODES_EXCLUDE and enabling external runner mode — reduce attack surface but are explicitly acknowledged by maintainers as incomplete mitigations. They should be applied immediately as interim controls, not treated as sufficient remediation. No exploitation in the wild has been reported as of disclosure, but the zero-credential-barrier entry point through CVE-2026-27493 makes active exploitation a near-term probability, particularly against internet-exposed instances.

One gap in the current disclosure is the absence of post-exploitation indicators of compromise (IOCs): no process signatures, no command patterns, no log artifacts tied to known exploitation attempts have been published. Security teams cannot rely on detection to substitute for patching here. The actionable priorities are: patch or isolate immediately, treat any exposed instance as potentially compromised, and rotate all credentials stored in n8n regardless of patch status if the instance had any network exposure during the vulnerability window. Asset inventory teams should reclassify n8n instances from ‘workflow tool’ to ‘credential aggregator’ to ensure appropriate monitoring and access controls are applied.

  • Patch immediately to n8n 2.10.1, 2.9.3, or 1.123.22 — all four CVEs are fixed. If patching is not immediately possible, add n8n-nodes-base.form and n8n-nodes-base.formTrigger to NODES_EXCLUDE to remove the unauthenticated attack surface for CVE-2026-27493.
  • Rotate all credentials stored in n8n’s database — AWS keys, OAuth tokens, database passwords, API keys — if the instance was network-accessible before patching. Do not wait to confirm exploitation; treat exposure as assumed compromise for credential hygiene purposes.
  • Reclassify n8n in your asset inventory as a credential aggregator. Its blast radius is not limited to the n8n host — every downstream service connected through stored credentials is in scope for breach notification and incident response planning.
  • Restrict workflow creation and editing rights to the minimum required set of users. CVE-2026-27577, CVE-2026-27495, and CVE-2026-27497 all require authenticated workflow access — limiting that access directly reduces exploitable surface.
  • No IOCs for active exploitation have been published. Detection cannot substitute for patching here. Prioritize remediation and credential rotation over detection-based response.
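As an added illustration (not code from n8n or from the article's author), a small Node.js triage helper that encodes the affected version ranges and the NODES_EXCLUDE interim workaround listed above; it assumes n8n reads NODES_EXCLUDE as a JSON array string, as its documentation describes, and the action strings are this example's own wording.

```javascript
// Added example, not n8n project code: offline triage of one n8n instance
// against the version ranges and interim workaround in the advisory above.

// Affected: all versions below 1.123.22, all 2.x below 2.9.3, and exactly 2.10.0.
// Fixed releases named in the advisory: 1.123.22, 2.9.3, 2.10.1.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable n8n version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (v[0] < 2) return cmp(v, [1, 123, 22]) < 0;        // 0.x and 1.x branch
  if (v[0] === 2) return cmp(v, [2, 9, 3]) < 0 || cmp(v, [2, 10, 0]) === 0;
  return false; // majors beyond 2.x are outside the advisory's stated range
}

// Form nodes the advisory says to exclude while patching is not yet possible.
const FORM_NODES = ['n8n-nodes-base.form', 'n8n-nodes-base.formTrigger'];

// Assumption: NODES_EXCLUDE holds a JSON array string, e.g. '["n8n-nodes-base.form"]'.
function missingFormExclusions(nodesExcludeEnv) {
  let excluded = [];
  if (nodesExcludeEnv && nodesExcludeEnv.trim() !== '') {
    try { excluded = JSON.parse(nodesExcludeEnv); } catch { excluded = []; }
    if (!Array.isArray(excluded)) excluded = [];
  }
  return FORM_NODES.filter((n) => !excluded.includes(n));
}

// Prioritised action list for one instance, mirroring the advisory's guidance.
function triage({ version, nodesExclude = '', networkExposed = false }) {
  const actions = [];
  if (!isAffected(version)) return actions;
  actions.push('patch to 1.123.22, 2.9.3 or 2.10.1');
  const missing = missingFormExclusions(nodesExclude);
  if (missing.length) actions.push(`interim: add ${missing.join(', ')} to NODES_EXCLUDE`);
  if (networkExposed) actions.push('rotate every credential stored in n8n; assume compromise');
  return actions;
}
```

Running `triage({ version: '2.10.0', nodesExclude: process.env.NODES_EXCLUDE, networkExposed: true })` against a real instance's settings yields the three actions the checklist above prioritises.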

Author

Tech Jacks Solutions
