VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-cxss-9g41-gfb7

Essentials
Severities (20)
References (9)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-cxss-9g41-gfb7
Aliases	CVE-2026-1470 GHSA-5xrp-6693-jjx9
Summary	n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.02265	https://api.first.org/data/v1/epss?cve=CVE-2026-1470
epss	0.02265	https://api.first.org/data/v1/epss?cve=CVE-2026-1470
epss	0.02265	https://api.first.org/data/v1/epss?cve=CVE-2026-1470
epss	0.02265	https://api.first.org/data/v1/epss?cve=CVE-2026-1470
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-5xrp-6693-jjx9
cvssv3.1	9.9	https://github.com/n8n-io/n8n
generic_textual	CRITICAL	https://github.com/n8n-io/n8n
cvssv3.1	9.9	https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f
generic_textual	CRITICAL	https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f
cvssv3.1	9.9	https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4
generic_textual	CRITICAL	https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4
cvssv3.1	9.9	https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
generic_textual	CRITICAL	https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
ssvc	Track*	https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
cvssv3.1	9.9	https://nvd.nist.gov/vuln/detail/CVE-2026-1470
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2026-1470
cvssv3.1	9.9	https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce
generic_textual	CRITICAL	https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce
cvssv3.1	9.9	https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/
ssvc	Track*	https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2026-1470
		https://github.com/n8n-io/n8n
		https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f
		https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4
		https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce
aa4d1e5825829182afa0ad5b81f602638f55fa04		https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
CVE-2026-1470		https://nvd.nist.gov/vuln/detail/CVE-2026-1470
GHSA-5xrp-6693-jjx9		https://github.com/advisories/GHSA-5xrp-6693-jjx9
n8n-expression-node-rce		https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-27T14:35:25Z/ Found at https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-1470

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-27T14:35:25Z/ Found at https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/

Exploit Prediction Scoring System (EPSS)

Percentile	0.84993
EPSS Score	0.02265
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:49:51.145641+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2026/1xxx/CVE-2026-1470.json	38.6.0