Critical Vulnerabilities in n8n Workflow Automation Platform Enable Remote Code Execution

Cybersecurity researchers have disclosed two critical vulnerabilities in the n8n workflow automation platform. The first, CVE-2026-1470 (CVSS score 9.9), is an eval injection flaw that allows an authenticated user to bypass expression restrictions and execute remote code. These vulnerabilities were discovered by the JFrog Security Research team. The article mentions a second vulnerability but does not specify its CVE reference or full technical details. The impacts include arbitrary code execution on affected systems.