This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: n8n Workflow Automation has a critical isolation flaw in its expression evaluation system. π₯ **Consequences**: Attackers can achieve **Remote Code Execution (RCE)**, completely compromising the server.β¦
π‘οΈ **Root Cause**: **CWE-913** (Overly Complex System). The isolation between the workflow expression evaluator and the host environment is insufficient. β οΈ It allows malicious expressions to break out of their sandbox.
Q3Who is affected? (Versions/Components)
π¦ **Affected Versions**: β’ 0.211.0 to 1.120.4 β’ 1.121.1 β’ 1.122.0 (and earlier) π’ **Vendor**: n8n-io. If you use these versions, you are in the danger zone! π―
Q4What can hackers do? (Privileges/Data)
π **Attacker Power**: Full **RCE**! π₯οΈ Hackers can execute arbitrary commands on the server. They can steal data, install backdoors, or pivot to other internal systems.β¦
π£ **Public Exploits**: **YES**. Multiple PoCs are live on GitHub (e.g., rxerium, Ashwesker, TheStingR). Wild exploitation is highly likely. π The community has already released scanners and full exploits.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: 1. Check your n8n version immediately! π 2. Use the provided GitHub PoC scanners to detect vulnerability. π 3. Look for unusual workflow expressions or unexpected server processes. π