CVE-2026-27498 | n8n-io n8n up to 1.123.7/2.1.x Environment Variable NODES_EXCLUDE code injection (GHSA-x2mw-7j39-93xq)

A vulnerability categorized as critical has been discovered in n8n-io n8n up to 1.123.7/2.1.x. Affected by this vulnerability is an unknown functionality of the component Environment Variable Handler. Executing a manipulation of the argument NODES_EXCLUDE can lead to code injection.

This vulnerability appears as CVE-2026-27498. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More