CVE-2026-1470
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-1470
- https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f
- https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4
- https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
- https://github.com/n8n-io/n8n
- https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce
Verify integrity in audit chain (admin only). AS-IS.