CVE-2026-27577: n8n RCE: When 'Do Not Enter' is Just a Suggestion

Vulnerability ID: CVE-2026-27577
CVSS Score: 9.4
Published: 2026-02-25

A critical Remote Code Execution (RCE) vulnerability in n8n (CVE-2026-27577) allows attackers to compromise the host system by chaining a trivial authentication bypass in the ChatTrigger node with a sophisticated sandbox escape. This isn't just a minor bug; it's a full-system compromise waiting to happen for any instance exposing the LangChain integration. By exploiting a logic error in cookie validation and a parsing oversight in the Abstract Syntax Tree (AST) rewriter, attackers can execute arbitrary system commands with the privileges of the n8n process.

TL;DR

n8n's ChatTrigger node checked if an auth cookie existed, not if it was valid. Combined with a failure to sanitize the JavaScript spread operator (...) and Python's __objclass__ in the execution sandbox, this allows unauthenticated RCE.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-94 (Code Injection)
  • Attack Vector: Network (AV:N)
  • CVSS Score: 9.4 (Critical)
  • Auth Required: None (via Bypass)
  • Exploit Status: High Probability / Trivial
  • Impact: Full System Compromise

Affected Systems

  • n8n Workflow Automation (Self-Hosted)
  • n8n Cloud (Fixed via managed updates)
  • LangChain Integration for n8n
  • n8n: < 1.123.22 (Fixed in: 1.123.22)
  • n8n: 2.0.0 - < 2.9.3 (Fixed in: 2.9.3)
  • n8n: 2.10.0 (Fixed in: 2.10.1)

Code Analysis

Commit: 1479aab

Fix: Prevent expression sandbox escape via spread operator and property access

@@ -120,6 +120,7 @@ export class ExpressionSandbox {
+      SpreadElement: (node) => this.visitSpreadElement(node),
...
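Review bot: the `SpreadElement` visitor registered at line 120 is the only visible change, but `visitSpreadElement` itself is not in the hunk, so a reviewer cannot confirm it rejects spreading into or out of the objects the sandbox is meant to hide; please include its body and a test that spreads an expression into an object literal and asserts the sandbox rejects it. The commit title also promises a fix for "property access", yet no member-access handling appears in the shown lines, so either the hunk is incomplete or the title overstates the change.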

Commit: 9e5212e

Fix: Validate auth cookie signature in GenericFunctions

@@ -45,7 +45,7 @@
-    if (!authCookie && webhookName !== 'setup') {
+    if (!validateCookie(authCookie) && webhookName !== 'setup') {
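Review bot: replacing the bare existence test with `validateCookie(authCookie)` is the right direction, but `validateCookie` is not shown in the hunk; it must verify the cookie's signature (and expiry) against the server secret and return false for a missing or malformed value, otherwise this line is only cosmetically different from `!authCookie`. The `webhookName !== 'setup'` exemption is unchanged, so the `setup` webhook still skips validation entirely; please confirm that is intended and note it in the commit message.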

Exploit Details

Mitigation Strategies

  • Update n8n to patched versions immediately.
  • Place n8n behind a VPN or authenticated reverse proxy (e.g., Cloudflare Zero Trust, Authelia).
  • Run n8n in a restricted Docker container with no root privileges and read-only filesystems.

Remediation Steps:

  1. Pull the latest Docker image: docker pull n8nio/n8n:latest
  2. Verify the running version is at or above the fixed release for its line: 1.123.22, 2.9.3, or 2.10.1.
  3. Restart the container.
  4. Audit existing workflows for suspicious ChatTrigger nodes or unauthorized modifications.
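A helper for step 2, added here as an example and not part of the advisory or the n8n project: it classifies a version string against the three fixed releases listed above, so the check is done per release line rather than by eye. The `docker exec <container> n8n --version` call is an assumption about how the version is read.

```shell
#!/bin/sh
# Added example (not from the advisory or n8n): classify an n8n version against
# the fixed releases listed in the advisory: 1.123.22, 2.9.3 and 2.10.1.

verkey() (
  # "2.10.1" -> 2010001 so versions can be compared as plain integers.
  # A leading "v" and any pre-release suffix (e.g. "-rc1") are dropped first.
  IFS=.
  set -- $(printf '%s' "$1" | sed 's/^v//; s/[^0-9.].*//')
  printf '%s\n' $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

n8n_patched() {
  # Returns 0 when $1 is at or above the fixed version for its release line,
  # 1 when it falls inside an affected range from the advisory.
  v=$(verkey "$1")
  major=$(( v / 1000000 )); minor=$(( v / 1000 % 1000 ))
  if [ "$major" -le 1 ]; then                             # < 1.123.22 is affected
    [ "$v" -ge "$(verkey 1.123.22)" ]
  elif [ "$major" -eq 2 ] && [ "$minor" -lt 10 ]; then    # 2.0.0 - < 2.9.3 is affected
    [ "$v" -ge "$(verkey 2.9.3)" ]
  elif [ "$major" -eq 2 ]; then                           # 2.10.0 is affected, 2.10.1 fixed
    [ "$v" -ge "$(verkey 2.10.1)" ]
  else
    return 0   # release lines above 2.x are not listed as affected in the advisory
  fi
}

check_container() {
  # Assumption: `docker exec <container> n8n --version` prints the bare version string.
  ver=$(docker exec "$1" n8n --version 2>/dev/null) || { echo "$1: could not read n8n version"; return 2; }
  if n8n_patched "$ver"; then
    echo "$1: n8n $ver is at or above the fixed release for CVE-2026-27577"
  else
    echo "$1: n8n $ver is in an affected range for CVE-2026-27577, update it"
    return 1
  fi
}

# Usage: sh check-n8n.sh <container-name> [<container-name> ...]
for c in "$@"; do check_container "$c"; done
```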
