CVE-2026-27495: n8n has a Sandbox Escape in its JavaScript Task Runner
(updated )
An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary.
On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner.
- Task Runners must be enabled using
N8N_RUNNERS_ENABLED=true.
References
- docs.n8n.io/hosting/configuration/task-runners
- github.com/advisories/GHSA-jjpj-p2wh-qf23
- github.com/n8n-io/n8n
- github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
- github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
- github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
- github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23
- nvd.nist.gov/vuln/detail/CVE-2026-27495
Code Behaviors & Features
Detect and mitigate CVE-2026-27495 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →