TL;DR: A zero-click, unauthenticated RCE in n8n lets anyone who can reach a public multi-step form execute shell commands; Pillar Security identified over 50,000 exposed forms, and the affected versions span self-hosted and cloud deployments. The finding shows that a public workflow form can turn a single submission into a credential vault compromise, which makes trust boundaries and input rendering the real security fault line.
NHIMG editorial — based on content published by Pillar Security: Zero Click Unauthenticated RCE in n8n, a contact form that executes shell commands
Questions worth separating out
Q: What breaks when a public workflow form can re-evaluate user input?
A: A public workflow form stops being a data collection tool and becomes an execution surface.
Q: Why do credential-bearing automation platforms create outsized NHI risk?
A: They concentrate secrets, access tokens, and encryption keys behind a small number of execution paths.
Q: How do teams know if a workflow platform is exposing them to hidden execution risk?
A: Look for public endpoints, multi-step forms, reflected input, and any rendering step that processes user content after substitution.
Practitioner guidance
- Inventory every public form workflow: identify all internet-facing n8n form endpoints, especially multi-step forms that reflect user input back to the submitter.
- Patch affected instances immediately: move self-hosted deployments to n8n 2.10.1, 2.9.3, or 1.123.22, depending on the release channel.
- Rotate stored credentials after exposure: if an affected instance was reachable during the vulnerable period, rotate every stored secret, including AWS keys, database passwords, OAuth tokens, API keys, and the encryption key used to protect them.
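The three steps above can be scripted against an exported workflow file. The following is an added example, not code from Pillar Security or the n8n project; it assumes the exported JSON uses `nodes[].type` values `n8n-nodes-base.formTrigger` and `n8n-nodes-base.form` for the form trigger and the multi-step Form page, and that 2.x series older than 2.9 predate the fix while newer series include it.

```python
"""Triage an exported n8n workflow: flag active multi-step forms and decide
whether the instance version is fixed and whether secrets need rotation."""
import json

# Fixed releases per release channel, as listed in the guidance above.
FIXED = {(2, 10): (2, 10, 1), (2, 9): (2, 9, 3), (1,): (1, 123, 22)}

# Assumed node type identifiers in the n8n export format; adjust if yours differ.
FORM_TRIGGER = "n8n-nodes-base.formTrigger"
FORM_PAGE = "n8n-nodes-base.form"


def parse_version(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def is_patched(version: str) -> bool:
    """True when the version is at or above the fixed release for its series."""
    v = parse_version(version)
    if v[0] == 1:
        return v >= FIXED[(1,)]
    if v[0] == 2:
        if v[:2] in FIXED:
            return v >= FIXED[v[:2]]
        # Assumption: 2.x below 2.9 predates the fix, above 2.10 carries it.
        return v[1] > 10
    return v[0] > 2


def find_exposed_forms(workflow: dict) -> list:
    """Names of form triggers in an active workflow that also has a Form page,
    i.e. a multi-step form that renders a follow-up page after submission."""
    if not workflow.get("active", False):
        return []
    nodes = workflow.get("nodes", [])
    types = {n["type"] for n in nodes}
    if FORM_TRIGGER in types and FORM_PAGE in types:
        return [n["name"] for n in nodes if n["type"] == FORM_TRIGGER]
    return []


def triage(workflow: dict, version: str) -> dict:
    forms = find_exposed_forms(workflow)
    patched = is_patched(version)
    return {"forms": forms, "patched": patched,
            "rotate_credentials": bool(forms) and not patched}


# Constructed sample export: a public contact form with a confirmation page.
SAMPLE_WORKFLOW = json.loads('{"name": "Contact", "active": true, "nodes": ['
    '{"name": "Contact form", "type": "n8n-nodes-base.formTrigger"},'
    '{"name": "Thanks page", "type": "n8n-nodes-base.form"},'
    '{"name": "Slack", "type": "n8n-nodes-base.slack"}]}')
```

Run `triage(workflow, version)` over every exported workflow; a non-empty `forms` list on an unpatched instance means that workflow's stored credentials go on the rotation list.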
What's in the full article
Pillar Security's full research covers the operational detail this post intentionally leaves for the source:
- The exact form-node rendering path that enables double evaluation and how the exploit flows through the pipeline.
- The SpreadElement sandbox escape mechanics and why the AST rewrite gap bypasses runtime sanitizers.
- The patch set introduced in n8n 2.10.1, 2.9.3, and 1.123.22, including which code paths were removed or hardened.
- The disclosure timeline, advisory identifiers, and reproduction details that implementation teams can use for validation.
Read Pillar Security's analysis of the zero-click n8n RCE and exposed credentials.