Technical Analysis

1. Root Cause & Vulnerability Mechanics

CVE               Root Cause                                                     Mechanism                                              Affected Component
CVE‑2026‑27577    Missing case in the expression compiler's AST rewriter         Expression sandbox escape                              Expression engine
CVE‑2026‑27493    Double‑evaluation bug in Form nodes                            Expression injection via public endpoint               Form node (/contact-us)
CVE‑2026‑25049    Insufficient sanitization of expressions in public webhooks    Arbitrary command execution via destructuring syntax   Webhook node
CVE‑2026‑25053    Unsanitized input to the Git node                              Command injection                                      Git node
CVE‑2026‑25056    Merge node's SQL Query mode allows arbitrary file writes       File write to webroot, enabling code execution         Merge node
CVE‑2025‑69258    LoadLibraryEx misuse in MsgReceiver.exe (not an n8n issue)     DLL injection with SYSTEM privileges                   MsgReceiver.exe (port 20001)

The five n8n flaws share a theme: data from workflows and from the outside world flows into the platform's JavaScript‑like expression engine, which is meant to confine expressions to a safe subset by rewriting their Abstract Syntax Tree (AST) before execution. CVE‑2026‑27577 targets a case the rewriter does not handle, so an expression reaches the evaluator unrewritten and escapes the sandbox. CVE‑2026‑27493 is a double‑evaluation bug: a value submitted to a public Form node is evaluated once by the form handler and again by the workflow engine, so attacker‑controlled text that should have stayed data is treated as an expression on the second pass. CVE‑2026‑25049 exploits the same confusion on public Webhook nodes, which accept requests without authentication unless the workflow author configures some; a one‑line destructuring assignment such as const { execSync } = require('child_process') is enough to reach the shell. CVE‑2026‑25053 and CVE‑2026‑25056 are conventional input‑validation failures in the Git and Merge nodes: the first passes user‑controlled strings to a shell, the second lets SQL Query mode write files to attacker‑chosen paths, which can be used to drop payloads where they will be loaded or executed. CVE‑2025‑69258 is unrelated to n8n: a Windows service (MsgReceiver.exe) loads an attacker‑named DLL through LoadLibraryEx.

2. Attack Chains

2.1 CVE‑2026‑27493 (Double‑Evaluation Bug)

  1. Entry Point – An unauthenticated user accesses the public “Contact Us” form (/contact-us) served by a Form node.
  2. Payload Injection – The attacker submits an expression in the Name field instead of a name.
  3. First Evaluation – The form handler stores the submitted value without sanitizing it and without marking it as literal data.
  4. Second Evaluation – When the workflow engine processes the stored value, it resolves it as an expression rather than reading it as text, so the attacker's code runs inside the expression engine with the n8n process's privileges.
  5. Command Execution – The attacker can execute arbitrary shell commands. Example payload (illustrative; n8n resolves expressions only inside {{ ... }} delimiters, so the exact wrapper the field needs depends on how the workflow uses it):

    // Payload body: executed only if the submitted text is resolved as an
    // expression instead of being treated as a literal string
    const { execSync } = require('child_process');
    execSync('id');

    This returns the identity of the account the n8n process runs as, demonstrating RCE.

Chainable: where the sandbox still blocks the injected payload, combining this bug with the CVE‑2026‑27577 escape restores full code execution on the host.
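To make the double‑evaluation mechanism concrete, here is an added JavaScript example that is not n8n's code: a toy {{ ... }} resolver, a form handler that splices the submitted value into a template before the engine resolves it, and the corrected handler that resolves once and passes the value as data. The resolver, the handler names, the field name and the context object (including its secret value) are assumptions made for this illustration.

```javascript
// Added illustration (not n8n's code). A toy {{ expr }} resolver shows how a
// "double evaluation" turns user-supplied data into executed code. The
// resolver, the handlers and the context object are hypothetical.

// Toy expression engine: evaluates every {{ ... }} against a context object.
// It is deliberately permissive, like a sandbox with a missing case would be.
function resolveTemplate(template, ctx) {
  return template.replace(/\{\{([\s\S]*?)\}\}/g, (_match, expr) =>
    String(new Function('$json', `return (${expr});`)(ctx)));
}

// VULNERABLE: the form handler splices the submitted value into a template
// (first evaluation: string interpolation), and the workflow engine then
// resolves that string as a template (second evaluation). Any {{ ... }} the
// user typed is now executed as an expression against the engine's context.
function handleFormDoubleEval(submittedName, ctx) {
  const template = `Hello {{ $json.prefix }} ${submittedName}`;
  return resolveTemplate(template, ctx);
}

// FIXED: the template is fixed text written by the workflow author, resolved
// exactly once; the submitted value enters only as data in the context and is
// never re-parsed, so "{{ ... }}" typed by the user stays a literal string.
function handleFormSingleEval(submittedName, ctx) {
  const template = 'Hello {{ $json.prefix }} {{ $json.name }}';
  return resolveTemplate(template, { ...ctx, name: submittedName });
}

// Constructed context standing in for data the workflow can see but the form
// submitter must not (the secret value is made up for this example).
const CONTEXT = { prefix: 'Dr.', secret: 'constructed-encryption-key' };

// Demonstration: the same submission, read back through both handlers.
function demo(submittedName = '{{ $json.secret }}') {
  return {
    vulnerable: handleFormDoubleEval(submittedName, CONTEXT),
    fixed: handleFormSingleEval(submittedName, CONTEXT),
  };
}
```

demo() returns 'Hello Dr. constructed-encryption-key' from the vulnerable path and 'Hello Dr. {{ $json.secret }}' from the fixed one: the text of the template is the only thing that is ever evaluated, and String.prototype.replace does not re‑scan what it substitutes, so data cannot promote itself to code.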

2.2 CVE‑2026‑27577 (Expression Sandbox Escape)

  1. Prerequisite – The attacker must be authenticated and have permission to create or edit workflows.
  2. Workflow Creation – The attacker crafts a malicious expression that targets the missing case in the AST rewriter. Example:

    {{$eval('process.env')}}
    

    The $eval function is normally sandboxed; the missing case allows it to be passed through unchanged.

  3. Execution – When the workflow runs, the expression is evaluated as unrestricted JavaScript, exposing the host's environment variables (including N8N_ENCRYPTION_KEY) and allowing arbitrary command execution.
  4. Privilege Context – The commands run as the n8n service account; where that account is root, or holds credentials and network access to internal services, the attacker inherits that access.

2.3 CVE‑2026‑25049 (Webhook Destructuring Injection)

  1. Public Webhook – A workflow exposes a Webhook node on a public URL with no authentication configured (the default unless the author adds some) and later uses data from the request in an expression.
  2. Payload – A single line of JavaScript using destructuring syntax is placed in the request body:

    // Illustrative payload body; executed only where the webhook data is
    // resolved as an expression rather than treated as text
    const { execSync } = require('child_process'); execSync('whoami');

  3. Trigger – Anyone who knows the webhook URL can POST to it; the unsanitized value is resolved as an expression and the payload executes on the host.
  4. Result – Arbitrary shell commands run with the n8n process's privileges, including read access to N8N_ENCRYPTION_KEY and therefore to every credential stored in the instance.

2.4 CVE‑2026‑25053 (Git Node Command Injection)

  1. Workflow Modification – An authenticated user edits a workflow to include a Git node.
  2. Unsanitized Input – The Git node accepts a repository URL (or another string parameter) and interpolates it into a command line instead of passing it as a separate argument.
  3. Injection – The attacker supplies a value containing shell metacharacters:

    # Illustrative value; everything after ';' runs as a second command
    https://example.com/repo.git; rm -rf /tmp/*

  4. Execution – The Git node hands the string to the shell, which runs the injected command with the n8n process's privileges.

2.5 CVE‑2026‑25056 (Merge Node File Write)

  1. Workflow Modification – An authenticated user configures a Merge node in SQL Query mode.
  2. SQL Injection – The attacker supplies a query whose output clause names a file path instead of a result set:

    -- Illustrative query; the exact syntax depends on the SQL engine the Merge node embeds
    SELECT * INTO OUTFILE '/var/www/html/payload.js' FROM dual;

  3. File Write – The node writes the file to the attacker‑chosen path, outside any directory it should be able to touch.
  4. Execution – Server‑side code execution requires the write to land where the n8n process or the host will load or run it (a custom nodes directory, a startup script, a cron path); a file dropped into a web‑served directory, as above, executes only in the browsers of users who load it. Either placement gives the attacker a persistent foothold.

2.6 CVE‑2025‑69258 (LoadLibraryEX DLL Injection)

  1. MsgReceiver.exe – A Windows service listening on port 20001.
  2. Message Crafting – The attacker sends a specially crafted message that makes the process load an attacker‑controlled DLL via LoadLibraryEx.
  3. Execution – The DLL runs inside the service with SYSTEM privileges, giving full control of the host.

3. Code Snippets & PoC

3.1 CVE‑2026‑27493 Payload (Name Field)

// Name field payload for the public Contact Us form
const { execSync } = require('child_process');
execSync('id');

3.2 CVE‑2026‑27577 Sandbox Escape Expression

// Malicious expression to escape the sandbox
{{$eval('process.env')}}

3.3 CVE‑2026‑25049 Webhook Injection

// Payload for a public webhook
const { execSync } = require('child_process');
execSync('whoami');

3.4 CVE‑2026‑25053 Git Node Injection

# Malicious repository URL
https://example.com/repo.git; rm -rf /tmp/*

3.5 CVE‑2026‑25056 Merge Node File Write

-- SQL injection to write a file
SELECT * INTO OUTFILE '/var/www/html/payload.js' FROM dual;

4. Affected Versions & Attack Prerequisites

Impact Assessment

Scope & Exposure

  • Organizations using n8n: Every self‑hosted deployment (bare metal, Docker, Kubernetes) that has not upgraded to the patched versions is vulnerable; tenants of the n8n cloud service depend on the vendor having applied the fix.
  • Public Exposure: CVE‑2026‑27493 and CVE‑2026‑25049 are reachable by unauthenticated attackers through publicly exposed Form and Webhook endpoints; the other n8n flaws require an account that can create or edit workflows.
  • Credential Theft: Any code execution inside the n8n process can read N8N_ENCRYPTION_KEY, the key n8n uses to encrypt stored credentials, and with it decrypt every API key, database password and OAuth token in the instance. This opens lateral movement to downstream services.
  • Persistence: Attackers can drop malicious files via Merge node file writes or inject DLLs via MsgReceiver.exe, establishing long‑term footholds.
  • Privilege Escalation: RCE runs as the n8n service account; where that account is root or SYSTEM, or holds credentials to other systems, the attacker inherits that access.

Real‑World Consequences

  • Data Exfiltration: Exposed credentials can lead to compromise of SaaS accounts (Slack, Google Workspace, AWS, etc.).
  • Service Disruption: Arbitrary command execution can stop critical services, delete logs, or tamper with configuration files, causing outages.
  • Regulatory Impact: Unauthorized data access may violate GDPR, HIPAA, or PCI‑DSS, resulting in fines and reputational damage.

Comparison to Past Incidents

  • The n8n flaws are instances of expression (template) injection and of unsafe use of user input in nodes that shell out or write files. They belong to the same class as server‑side template injection bugs seen in other automation and low‑code platforms, where the engine that makes workflows expressive is also the engine that ends up executing attacker input.
  • As with earlier incidents of that class, exposure is greatest where public endpoints (forms, webhooks) feed untrusted data into the expression engine, which is why patching must be paired with endpoint authentication and credential rotation rather than treated as sufficient on its own.

Detection & Response

Log Signatures

Log Source          Indicator                                                                  Example
n8n HTTP logs       POST to /contact-us with payload containing execSync                       POST /contact-us 200 with body Name=const%20{execSync}=...
n8n process logs    Unexpected child process spawned by node                                   spawn child_process.execSync
File system         New files in /var/www/html/ or /usr/local/n8n/                             payload.js created
Network             Outbound connections from node to external IPs after workflow execution    node -> 203.0.113.45

YARA Rule (example)

rule n8n_rce_detect
{
    meta:
        description = "Detects suspicious n8n expression payloads"
        author = "Karma-X"
        date = "2026-02-04"
    strings:
        // destructuring require of child_process; either quote style
        $expr1 = /const\s*\{\s*execSync\s*\}\s*=\s*require\(\s*['"]child_process['"]\s*\)/
        // $eval('process.env'); the leading $ must be escaped, otherwise it is a regex anchor and never matches
        $expr2 = /\$eval\(\s*['"]process\.env['"]\s*\)/
    condition:
        any of them
}

Run the rule over captured request bodies, workflow JSON exports and process memory, and URL‑decode form posts first: the Contact Us payload arrives percent‑encoded (Name=const%20%7B...), which neither pattern matches as‑is.
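As an added example that is not from the page's sources or from the rule's author, here is the detection logic behind the log‑signature table and the YARA rule applied to constructed log lines in JavaScript, with URL‑decoding of the body before matching. The indicator names, the third template_process_access pattern and the sample lines are assumptions made for this illustration.

```javascript
// Added example (not from the page's sources): the indicator patterns from the
// log-signature table and the YARA rule, applied to constructed log lines.
// Decoding the body first matters because form posts arrive URL-encoded.
const INDICATORS = [
  // destructuring require of child_process (from the table and $expr1)
  { id: 'child_process_destructure',
    re: /const\s*\{\s*execSync\s*\}\s*=\s*require\(\s*['"]child_process['"]\s*\)/ },
  // $eval('process.env') (from $expr2)
  { id: 'eval_process_env', re: /\$eval\(\s*['"]process\.env['"]\s*\)/ },
  // broader, lower-confidence pattern (assumption): an expression that
  // reaches for process, require or constructor inside {{ ... }}
  { id: 'template_process_access',
    re: /\{\{[^}]*\b(process|require|constructor)\b[^}]*\}\}/ },
];

// Best-effort decode for application/x-www-form-urlencoded bodies: '+' is a
// space, then percent-decoding. Invalid sequences fall back to the raw text.
function decodeBody(s) {
  try {
    return decodeURIComponent(s.replace(/\+/g, ' '));
  } catch {
    return s;
  }
}

// Returns the indicator ids that match one log line, raw or decoded.
function matchLine(line) {
  const hits = new Set();
  for (const text of [line, decodeBody(line)]) {
    for (const { id, re } of INDICATORS) {
      if (re.test(text)) hits.add(id);
    }
  }
  return [...hits];
}

// Scans an array of log lines and reports only the lines with hits.
function scanLog(lines) {
  return lines
    .map((line, i) => ({ line: i + 1, hits: matchLine(line) }))
    .filter((r) => r.hits.length > 0);
}

// Constructed sample lines (not real traffic); line 2 is benign.
const SAMPLE_LOG = [
  'POST /contact-us 200 body=Name=const%20%7B%20execSync%20%7D%20%3D%20require(%27child_process%27)%3B%20execSync(%27id%27)',
  'POST /contact-us 200 body=Name=Alice+Smith',
  'PATCH /rest/workflows/12 200 body={"parameters":{"value":"{{$eval(\'process.env\')}}"}}',
  'POST /webhook/abc 200 body={"msg":"{{ $json.constructor.constructor(\'return process\')() }}"}',
];
```

scanLog(SAMPLE_LOG) flags lines 1, 3 and 4 and leaves the ordinary form submission alone; line 1 matches only after decoding, which is the step a naive grep over raw access logs misses.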

Network Indicators

  • Port 20001: Traffic to/from MsgReceiver.exe (CVE‑2025‑69258).
  • Webhook URLs: Public endpoints without authentication headers.

Response Steps

  1. Immediate Isolation: Quarantine the affected n8n instance to prevent lateral movement.
  2. Credential Rotation: Rotate all API keys, database passwords, and OAuth tokens stored in n8n.
  3. Permission Hardening: Restrict workflow creation/editing to a minimal set of trusted users.
  4. Webhook Hardening: Disable public webhooks or enforce authentication (e.g., HMAC, JWT).
  5. Privilege Reduction: Run n8n in a container with the least privilege, limiting file system access and network egress.
  6. Monitoring: Enable audit logs for workflow changes, monitor for suspicious child processes, and set up SIEM alerts for the signatures above.

Mitigation & Remediation

Priority   Action                 Details
1          Patch                  Upgrade to the n8n patch versions listed in the vendor advisories for each CVE (references 6 and 7 below); nothing else in this table removes the flaws.
2          Permission Control     Limit workflow creation and editing to a small, vetted group.
3          Webhook Security       Disable public webhooks or enforce authentication (HMAC, OAuth).
4          Credential Rotation    Immediately rotate all stored credentials, on the assumption that N8N_ENCRYPTION_KEY was readable to any attacker who achieved code execution.
5          Privilege Hardening    Run n8n in a container with the least privilege; restrict network egress.
6          Monitoring             Deploy SIEM rules for suspicious expressions, child processes, and file writes.
7          Incident Response      Prepare playbooks for RCE containment, forensic analysis, and recovery.

Timeline

  • February 4 2026 – SecureLayer7 blog publishes details on CVE‑2026‑25049.

Sources & References

  1. SecureLayer7. “A Deep Dive into CVE‑2026‑25049: n8n Remote Code Execution.” SecureLayer7 Blog, 4 Feb 2026.
  2. The Hacker News. “Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored …” 2026.
  3. Daily CyberSecurity. “Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors.” 2026.
  4. Purple Ops. “CVE‑2026‑25053 (CVSS 9.4) and Related Flaws Trigger RCE on n8n.” 2026.
  5. Rankiteo. “Critical RCE Vulnerability in n8n Workflow Automation Platform Disclosed (CVE‑2026‑25049).” 2026.
  6. n8n. “Patch Versions for CVE‑2026‑25049.” 2026.
  7. n8n. “Patch Versions for CVE‑2026‑27577.” 2026.
  8. “Defending Against Critical n8n RCE Flaws: Patching Guide for CVE-2026 …”
