{"data":{"id":"ffa1e546-9562-4a4c-89eb-d01114c8ffe5","title":"GHSA-75g8-rv7v-32f7: n8n has Unauthenticated Expression Evaluation via Form Node","summary":"n8n had a vulnerability in its Form nodes where an unauthenticated attacker could inject malicious code by submitting specially crafted form data that starts with an equals sign (=), which the system would then execute as an expression. While this vulnerability alone is limited, it could potentially lead to remote code execution if combined with another type of attack that bypasses n8n's expression sandbox (a security boundary that restricts what code can access).","solution":"The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily: (1) manually review form nodes to check if they have the problematic configuration, (2) disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable, or (3) disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-75g8-rv7v-32f7","publishedAt":"2026-02-25T21:21:36.000Z","cveId":"CVE-2026-27493","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.10.0, < 2.10.1 (fixed: 2.10.1)","n8n@>= 2.0.0, < 2.9.3 (fixed: 2.9.3)","n8n@< 1.123.22 (fixed: 1.123.22)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00234,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}