Summary: JFrog researchers have disclosed a pair of critical vulnerabilities in n8n, a popular workflow automation platform that is increasingly used to orchestrate AI-driven tasks. The more severe of the two, CVE-2026-1470 (CVSS 9.9), allows a remote attacker to execute arbitrary JavaScript code by abusing the way the platform passes LLM-generated input into its code execution sandbox.
Business Impact: Extreme. Many enterprises use n8n to automate sensitive business processes (e.g., HR, Finance, DevSecOps), and the platform stores the credentials for every SaaS tool a workflow connects to. Remote code execution here hands an attacker the automation "brain": they can read those stored API keys, exfiltrate data flowing through workflows, or pivot into the connected SaaS tools with the workflow's own privileges.
Why It Happened: The platform did not sufficiently sanitize inputs before handing them to its execution engine, in particular inputs that had been processed or generated by an integrated Large Language Model (LLM). Treating LLM output as trusted is the underlying mistake: anyone who can influence what the model reads (a prompt injection in an email, ticket, or document the workflow ingests) can shape what the model writes, so model output has to be handled as untrusted data, never as code.
Recommended Executive Action: Update all self-hosted n8n instances to version 1.74.2 or higher immediately. For cloud-hosted instances, confirm with the vendor that the patch has been applied. On any instance, self-hosted or cloud, that was reachable while vulnerable, rotate the high-privilege credentials stored in its workflows, since the flaw exposes them, and review which workflows feed LLM output into code or expression nodes.
Hashtags: #n8n #AISecurity #RCE #AutomationRisk #CVE20261470 #InfoSec
