Two high-severity vulnerabilities in the n8n workflow automation platform could lead to remote code execution by authenticated users. Discovered by JFrog Security Research, these vulnerabilities include CVE-2026-1470 (eval injection, CVSS 9.9) and CVE-2026-0863 (Python task executor bypass, CVSS 8.5). Exploiting these flaws may allow attackers to gain full control of n8n instances, especially in internal execution mode. Users are advised to update to specific safe versions to mitigate these risks.
https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html

