Critical RCE vulnerability in n8n
Why certain code patterns can allow attackers to execute arbitrary code on your server
What is this issue?
Remote Code Execution (RCE) vulnerabilities arise when code placed in a Code node escapes n8n's sandbox and runs with the privileges of the n8n process. The patterns below are the ones used for such escapes; a successful one gives an attacker full control over your n8n server.
Dangerous patterns detected:
• process.env access for environment variable extraction
• child_process or spawn for system command execution
• constructor.constructor sandbox escape attempts
• require() with dangerous modules like fs or child_process
Why is this dangerous?
Full server compromise
Successful RCE allows attackers to execute any command on your n8n server with full privileges.
Data exfiltration
Attackers can read all files, databases, and secrets accessible from the server.
Lateral movement
A compromised n8n server can be used to attack other systems in your network.
Persistent access
Attackers can install backdoors in your server for continued access.
How to fix it
1. Remove dangerous patterns
Immediately remove any Code node containing process, child_process, require, or constructor.constructor patterns.
2. Update n8n
Ensure you're running the latest n8n version with security patches applied.
3. Audit imported workflows
Never import workflows from untrusted sources. Always review Code nodes before running.
4. Enable security settings
Set the N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES and N8N_BLOCK_ENV_ACCESS_IN_NODE environment variables.
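As an added example (not n8n's code and not the scanner offered on this page), the following Node.js script implements the checks behind the pattern list above and the "audit imported workflows" step: it walks a workflow export, pulls the source out of each Code node and reports the first line on which each pattern appears. The parameter names jsCode and functionCode are assumed from n8n's export format, and the sample workflow is constructed for the demonstration.

```javascript
// Added example: a minimal static scanner for n8n workflow JSON that flags the
// patterns listed on this page. Not n8n's code and not the page's own scanner.
// Assumption: Code nodes export their source in parameters.jsCode (Code node)
// or parameters.functionCode (legacy Function node); other nodes are skipped.

const CODE_PARAMS = ['jsCode', 'functionCode'];

// One rule per pattern from the page. Each rule reports its first match only.
const RULES = [
  { id: 'process-env',
    re: /\bprocess\s*\.\s*env\b/,
    why: 'reads the n8n process environment (credentials, tokens)' },
  { id: 'child-process',
    re: /\b(?:child_process|spawn)\b/,
    why: 'system command execution' },
  { id: 'constructor-escape',
    // covers a.constructor.constructor, a.constructor["constructor"] and
    // a['constructor']['constructor']
    re: /constructor\s*(?:\.|\[\s*['"]|['"]\s*\]\s*\[\s*['"])\s*constructor/,
    why: 'Function-constructor sandbox escape' },
  { id: 'require-dangerous',
    re: /\brequire\s*\(\s*['"](?:fs|child_process)['"]\s*\)/,
    why: 'require() of a module with host access' },
];

// Return the inline source of a node, or null if it carries none.
function extractCode(node) {
  const params = (node && node.parameters) || {};
  for (const key of CODE_PARAMS) {
    if (typeof params[key] === 'string') return params[key];
  }
  return null;
}

// Scan every node that carries code; return one finding per (node, rule) hit,
// with the 1-based line of the first match so a reviewer can jump to it.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of (workflow && workflow.nodes) || []) {
    const code = extractCode(node);
    if (code === null) continue;
    for (const rule of RULES) {
      const m = rule.re.exec(code);
      if (!m) continue;
      const line = code.slice(0, m.index).split('\n').length;
      findings.push({ node: node.name, type: node.type, rule: rule.id, line, why: rule.why });
    }
  }
  return findings;
}

// Human-readable report, one line per finding.
function formatFindings(findings) {
  if (findings.length === 0) return 'no dangerous patterns found';
  return findings
    .map(f => `[${f.rule}] node "${f.node}" line ${f.line}: ${f.why}`)
    .join('\n');
}

// Constructed sample workflow (not a real export): one benign Code node, one
// node containing the flagged tokens, and one non-code node that is skipped.
const SAMPLE_WORKFLOW = {
  name: 'constructed sample',
  nodes: [
    { name: 'Clean transform', type: 'n8n-nodes-base.code',
      parameters: { jsCode: 'return $input.all().map(i => ({ json: { id: i.json.id } }));' } },
    { name: 'Suspicious node', type: 'n8n-nodes-base.code',
      parameters: { jsCode: [
        'const secrets = process.env;',
        'const F = this.constructor.constructor;',
        "const cp = require('child_process');",
        'return [{ json: { ok: true } }];',
      ].join('\n') } },
    { name: 'HTTP', type: 'n8n-nodes-base.httpRequest',
      parameters: { url: 'https://example.invalid/' } },
  ],
};

// Stand-alone use: `node scan.js workflow.json`; without an argument the
// constructed sample is scanned. With a file argument the exit code is 1 when
// anything is flagged, so the check can gate a CI import step.
if (typeof require !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const input = file
    ? JSON.parse(require('fs').readFileSync(file, 'utf8'))
    : SAMPLE_WORKFLOW;
  const findings = scanWorkflow(input);
  console.log(formatFindings(findings));
  if (file) process.exitCode = findings.length === 0 ? 0 : 1;
}

if (typeof module !== 'undefined') {
  module.exports = { RULES, scanWorkflow, formatFindings, SAMPLE_WORKFLOW };
}
```

The scanner is plain string matching over the exported source, which is the right first gate for a workflow review but not a substitute for the runtime settings in step 4: code that assembles module names or property names at run time will not contain these literal tokens, so treat a clean scan as "nothing obvious" rather than "safe".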
Scan your workflow now
Upload your n8n workflow JSON and instantly detect dangerous RCE patterns and sandbox escape attempts.