{"id":4811,"date":"2026-03-12T17:37:03","date_gmt":"2026-03-12T17:37:03","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/03\/12\/critical-zero-click-flaw-in-n8n-allows-full-server-compromise\/"},"modified":"2026-03-12T17:37:03","modified_gmt":"2026-03-12T17:37:03","slug":"critical-zero-click-flaw-in-n8n-allows-full-server-compromise","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/03\/12\/critical-zero-click-flaw-in-n8n-allows-full-server-compromise\/","title":{"rendered":"Critical Zero-Click Flaw in n8n Allows Full Server Compromise"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Researchers at Pillar Security have found two new critical vulnerabilities in self-hosted and cloud n8n deployments.<\/p>\n<p>N8n is a popular open-source workflow automation platform powering hundreds of thousands of enterprise AI systems worldwide.<\/p>\n<p>One of the flaws, tracked as CVE-2026-27493, can lead to full takeover of a server without the target clicking on anything and without the attacker needing to be authenticated.<\/p>\n<p>Both vulnerabilities affect both n8n Cloud and self-hosted n8n instances.<\/p>\n<h2><strong>Sandbox Escape Flaw: CVE-2026-27577 Explained <\/strong><\/h2>\n<p>In December 2025, Pillar Security reported two maximum-severity (CVSS score of 10) sandbox escape vulnerabilities to n8n that could allow attackers to achieve complete server control and steal any stored credentials.<\/p>\n<p>These findings prompted n8n to release an initial patch update in December followed by nine security fixes in early 2026. 
When applied, these security updates would fix the initial vulnerabilities found by Pillar Security.<\/p>\n<p>However, the security researchers continued investigating n8n in February and found two additional flaws that were not addressed by the December-January security patches.<\/p>\n<p>The first was initially reported by GitHub as CVE-2026-27577 on February 25.<\/p>\n<p>This sandbox escape in the expression compiler is due to a missing case in the AST rewriter that lets the process slip through untransformed, allowing any authenticated attacker full remote code execution (RCE).<\/p>\n<p>The Pillar Security researchers emphasized that, because n8n is a credential vault by function and stores keys to every system it connects to, a single sandbox escape exposes the n8n instance and every connected system.<\/p>\n<p>\u201cPost-exploitation is straightforward: the attacker reads the N8N_ENCRYPTION_KEY environment variable and uses it to decrypt every credential stored in n8n\u2019s database: AWS keys, database passwords, OAuth tokens, API keys,\u201d they wrote in a March 11 report.<\/p>\n<p>CVE-2026-27577 has been assigned a critical severity rating of 9.4 (CVSS v4.0).<\/p>\n<p><em>Read more:\u00a0 Maximum Severity \u201cNi8mare\u201d Bug Lets Hackers Hijack n8n Servers<\/em><\/p>\n<h2><strong>Zero-Click Unauthenticated Flaw: CVE-2026-27493 Explained<\/strong><\/h2>\n<p>The second flaw was also reported by GitHub on February 25 and is tracked as CVE-2026-27493.<\/p>\n<p>According to Pillar Security, CVE-2026-27493 takes it further than CVE-2026-27577.<\/p>\n<p>This critical vulnerability (CVSS v4.0 rating of 9.5) is due to a double-evaluation bug in n8n\u2019s Form nodes that turns any multi-step form that displays user input back into an expression injection point.<\/p>\n<p>Since the form endpoints are public by design, an attacker doesn\u2019t need any authentication, n8n account or workflow access to exploit it.<\/p>\n<p>\u201cA public \u2018Contact Us\u2019 form 
will run arbitrary shell commands if you type a payload into the Name field,\u201d the Pillar Security researchers explained.<\/p>\n<p>They also warned that for n8n Cloud and multi-tenant deployments, the impact extends beyond the individual instance.<\/p>\n<p>\u201cAs demonstrated previously, sandbox escapes on n8n Cloud grant access to shared infrastructure, creating cross-tenant risk: a single public form on one tenant\u2019s workflow could serve as the entry point. We assess the same cross-tenant risk applies based on the shared expression engine and infrastructure architecture confirmed during our earlier research,\u201d the researchers added.<\/p>\n<h2><strong>N8n Fixes and Mitigations<\/strong><\/h2>\n<p>However, Pillar Security specified that n8n Cloud should already have benefited from automated fixes.<\/p>\n<p>People self-hosting n8n instances are urged to update to versions 2.10.1, 2.9.3 or 1.123.22 of n8n, depending on their release channel.<\/p>\n<p>Pillar Security also recommended that users rotate all stored credentials if a vulnerable workflow is found in their n8n environment.<\/p>\n<p>\u201cAny instance running an affected version could have exposed N8N_ENCRYPTION_KEY, which decrypts every credential stored in the platform,\u201d the researchers said.<\/p>\n<p><em>Read more: Critical and High Severity n8n Sandbox Flaws Allow RCE<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at Pillar Security have found two new critical vulnerabilities in self-hosted and cloud n8n deployments. N8n is a popular open-source workflow automation platform powering hundreds of thousands of enterprise AI systems worldwide. 
One of the flaws, tracked as CVE-2026-27493, can lead to full takeover of a server without the target clicking on anything and<\/p>\n","protected":false},"author":2,"featured_media":4812,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4811-aeea7fa6-01bb-46ca-b124-575f4736e4e7-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4811"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4811\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4812"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}