n8n sandbox bypass: what it means for workflow server security

Posted by @nhi-mgmt-group (Member Moderator)
TL;DR: CVE-2026-1470 is a flaw in n8n that lets an authenticated user bypass the JavaScript sandbox and run arbitrary commands on a self-hosted server. JFrog lists the vulnerable versions as 1.x before 1.123.17, 2.4.x before 2.4.5, and 2.5.x before 2.5.1. Because a workflow server brokers credentials for many connected systems, the issue is a control-plane exposure, not just an application bug.

NHIMG editorial — based on content published by Orca Security: analysis of CVE-2026-1470 affecting n8n

Questions worth separating out

Q: What breaks when a workflow engine sandbox can be bypassed?

A: The platform stops behaving like a constrained automation tool and starts behaving like a privileged execution environment: code supplied by a workflow author runs with the privileges of the n8n process itself, including its access to the credentials the server stores for connected systems.

Q: Why do workflow automation platforms create outsized access risk?

A: They often concentrate credentials for many connected systems in one place.

Q: How should security teams limit exposure from code-bearing workflows?

A: Separate workflow authoring from production secret access, and treat workflow-editing permissions as privileged.

Practitioner guidance

  • Patch vulnerable n8n deployments immediately. Move self-hosted instances to n8n 1.123.17+, 2.4.5+, or 2.5.1+, and verify that the patched build is the one actually running in production by checking the running process or container image rather than only the deployment manifest.
  • Restrict workflow editing to trusted operators. Limit create and edit permissions to a small group, then review whether those users also have indirect access to secrets or to production-integrated workflows.
  • Remove internet exposure from self-hosted instances. Place the workflow server behind network controls and avoid exposing authoring interfaces directly to the internet, especially where the platform brokers production credentials.
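A quick way to triage an estate of self-hosted instances against the version ranges above is a small script that classifies each reported version. The following is an added example written for this post; it is not code from the NHIMG editorial, Orca Security, or the n8n project. The only facts it encodes are the affected ranges quoted in the TL;DR. Everything else is an assumption: version strings are expected to come from the running instance (for example the output of `n8n --version` inside the container, or the image tag of the running container), minor lines the post does not mention (such as 2.0 to 2.3, or 2.6 and later) are reported as "unknown" rather than guessed, and a pre-release tag such as "2.5.1-rc.1" is conservatively treated as older than the fixed release.

```javascript
// Added example, not from the NHIMG post, Orca Security, or the n8n project.
// Classifies self-hosted n8n versions against the CVE-2026-1470 ranges the post quotes:
//   1.x before 1.123.17, 2.4.x before 2.4.5, 2.5.x before 2.5.1.
// Assumption: minor lines the post does not list are reported as "unknown" so that
// nobody reads "patched" into a line the advisory summary never described.

const AFFECTED_LINES = [
  // matches: predicate on [major, minor]; fixed: first patched release in that line
  { name: "1.x",   matches: ([maj]) => maj === 1,                    fixed: "1.123.17" },
  { name: "2.4.x", matches: ([maj, min]) => maj === 2 && min === 4,  fixed: "2.4.5" },
  { name: "2.5.x", matches: ([maj, min]) => maj === 2 && min === 5,  fixed: "2.5.1" },
];

// Accepts "1.123.17", "v1.123.17", an image reference such as "n8nio/n8n:2.5.0",
// or a pre-release such as "2.5.1-rc.1". Returns the numeric triple plus a
// pre-release flag; throws on strings that carry no x.y.z triple at all.
function parseVersion(raw) {
  const text = String(raw).trim();
  const m = text.match(/(\d+)\.(\d+)\.(\d+)/);
  if (!m) throw new Error(`unrecognised version string: ${raw}`);
  const rest = text.slice(m.index + m[0].length);
  return {
    nums: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: rest.startsWith("-"), // assumption: "-rc.1" style tags precede the release
  };
}

// Three-part numeric comparison; a pre-release sorts below the same numeric release.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  if (a.pre === b.pre) return 0;
  return a.pre ? -1 : 1;
}

// Returns { version, status, line, fixed } where status is
// "vulnerable", "patched", or "unknown" (minor line not covered by the post).
function assess(raw) {
  const version = parseVersion(raw);
  const line = AFFECTED_LINES.find((l) => l.matches(version.nums));
  const label = version.nums.join(".") + (version.pre ? " (pre-release)" : "");
  if (!line) {
    return { version: label, status: "unknown", line: null, fixed: null };
  }
  const vulnerable = compareVersions(version, parseVersion(line.fixed)) < 0;
  return {
    version: label,
    status: vulnerable ? "vulnerable" : "patched",
    line: line.name,
    fixed: line.fixed,
  };
}

// Groups an inventory of { host, version } records by status so the vulnerable
// hosts can be turned into upgrade tickets and the unknown ones into follow-ups.
function assessInventory(records) {
  const groups = { vulnerable: [], patched: [], unknown: [] };
  for (const { host, version } of records) {
    const result = assess(version);
    groups[result.status].push({ host, ...result });
  }
  return groups;
}

// Constructed sample inventory (hostnames and versions are made up for the example).
const SAMPLE_INVENTORY = [
  { host: "n8n-prod-1", version: "1.123.16" },
  { host: "n8n-prod-2", version: "n8nio/n8n:2.5.0" },
  { host: "n8n-stage",  version: "2.5.1-rc.1" },
  { host: "n8n-dev",    version: "v2.4.5" },
  { host: "n8n-lab",    version: "2.3.0" },
];

for (const [status, hosts] of Object.entries(assessInventory(SAMPLE_INVENTORY))) {
  for (const h of hosts) {
    console.log(`${status.padEnd(10)} ${h.host.padEnd(12)} ${h.version}` +
      (h.fixed ? `  -> upgrade to ${h.fixed}` : "  -> confirm against the advisory"));
  }
}
```

The "unknown" bucket is deliberate: a triage script that silently marks 2.3.x or 2.6.x as safe would be inventing a statement the advisory summary does not make, and those hosts should be checked against the full Orca Security write-up instead.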

What's in the full article

Orca Security's full article covers the operational detail this post intentionally leaves for the source:

  • The exact JavaScript sandbox bypass pattern, involving JavaScript 'with' statements and constructor resolution
  • Version-by-version remediation guidance for self-hosted n8n deployments
  • Related CVE-2026-0863 details for the Python Code Node and its patched releases
  • Exposure-context analysis for runtime reachability, internet accessibility, and asset criticality

👉 Read Orca Security's analysis of the n8n sandbox bypass and patch scope →
