Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-axyq-35hd-skhq
Vulnerability ID VCID-axyq-35hd-skhq
Aliases CVE-2026-27577
GHSA-vpcf-gvg4-6qwr
Summary n8n: Expression Sandbox Escape Leads to RCE Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://docs.n8n.io/hosting/securing/overview
https://github.com/n8n-io/n8n
https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6
https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e
CVE-2026-27577 https://nvd.nist.gov/vuln/detail/CVE-2026-27577
GHSA-v98v-ff95-f3cp https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
GHSA-vpcf-gvg4-6qwr https://github.com/advisories/GHSA-vpcf-gvg4-6qwr
GHSA-vpcf-gvg4-6qwr https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:50:46.910384+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27577.yml 38.6.0