CVE-2026-27493 | n8n-io n8n up to 1.123.21/2.9.2/2.10.0 Environment Variable NODES_EXCLUDE code injection (ID 19)

Inserito da Angelo Barbosa | Feb 26, 2026 | CVE

A vulnerability, which was classified as critical, has been found in n8n-io n8n up to 1.123.21/2.9.2/2.10.0. The impacted element is an unknown function of the component Environment Variable Handler. The manipulation of the argument NODES_EXCLUDE leads to code injection.

This vulnerability is referenced as CVE-2026-27493. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-27493 | n8n-io n8n up to 1.123.21/2.9.2/2.10.0 Environment Variable NODES_EXCLUDE code injection (ID 19)

Post correlati

CVE-2024-5816 | GitHub Enterprise Server up to 3.9.16/3.10.13/3.11.11/3.12.5/3.13.0 authorization

CVE-2024-5163 | TECNO com.transsion.carlcare 5.8.1.4 Setting permission

CVE-2024-57162 | Campcodes Cybercafe Management System 1.0 view-user-detail.php sql injection

CVE-2024-34586 | Samsung Devices up to SMR Feb-2021 Release 1 KnoxCustomManagerService insufficient permissions or privileges