{"data":{"id":"3377ae66-9b97-40b5-a22a-3c69a2b9c3f4","title":"GHSA-vpcf-gvg4-6qwr: n8n: Expression Sandbox Escape Leads to RCE","summary":"n8n, a workflow automation tool, has a vulnerability where authenticated users with permission to create or modify workflows can exploit expression evaluation (the process of interpreting code within workflow parameters) to execute arbitrary system commands on the host server. This is a serious security flaw because it allows attackers to run unintended commands on the underlying system.","solution":"Upgrade to the fixed release for your version line, or later: 2.10.1 (if running 2.10.0), 2.9.3 (if running 2.0.0 through 2.9.x), or 1.123.22 (if running 1.x or earlier). If immediate upgrade is not possible, limit workflow creation and editing permissions to fully trusted users only, and deploy n8n in a hardened environment with restricted operating system privileges and network access. However, these temporary mitigations do not fully remediate the risk.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-vpcf-gvg4-6qwr","publishedAt":"2026-02-25T22:05:09.000Z","cveId":"CVE-2026-27577","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.10.0, < 2.10.1 (fixed: 2.10.1)","n8n@>= 2.0.0, < 2.9.3 (fixed: 2.9.3)","n8n@< 1.123.22 (fixed: 1.123.22)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00152,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}