Description
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode.

If the instance is operating under the "External" execution mode (e.g. n8n's official Docker image), arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.
Published: 2026-01-18
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An attacker can subvert n8n's Python task executor sandbox by exploiting string formatting in exception handling, enabling arbitrary Python code to run with the privileges of the n8n process on the underlying operating system. The vulnerability is triggered through the built‑in Code block node by an authenticated user with basic permissions and can grant full control over an n8n instance when it operates in its default internal execution mode.

Affected Systems

All deployments of the n8n workflow automation platform that include the built‑in Code block node, regardless of execution mode. The issue applies to n8n running on Node.js environments and is present in all versions that do not yet incorporate the commit that removes the sandbox vulnerability.

Risk and Exploitability

The vulnerability scores a high CVSS 8.5 and an EPSS of less than 1%, indicating a technically severe flaw but a presently low probability of exploitation. It is not listed in the CISA KEV catalog. An attacker requires authenticated access to create or edit a Code block and can then trigger the sandbox escape, leading to arbitrary code execution in the underlying host on Internal execution mode, or restricted execution within a Sidecar container on External execution mode. The impact thus varies with configuration but remains significant, especially in Internal mode.

Generated by OpenCVE AI on April 18, 2026 at 05:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to a version that includes the sandbox fix referenced by commit b73a4283cb14e0f27ce19692326f362c7bf3da02 or later.
  • Restrict the creation and modification of Code block nodes to administrative users; disable or tightly limit them for users with basic permissions.
  • Reconfigure the workflow engine to operate in External execution mode or a dedicated sidecar container to contain potential exploits within an isolated environment.

Advisories

No advisories yet.

History

Tue, 10 Feb 2026 17:30:00 +0000

  Type          Values Removed   Values Added
  Weaknesses                     CWE-94
  CPEs                           cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*

Fri, 23 Jan 2026 18:30:00 +0000

  (no field changes recorded)

Tue, 20 Jan 2026 17:15:00 +0000

  Type          Values Removed   Values Added
  Metrics                        ssvc
                                 {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 19 Jan 2026 09:45:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared                   N8n
                                        N8n n8n
  Vendors & Products                    N8n
                                        N8n n8n

Sun, 18 Jan 2026 15:45:00 +0000

  Type          Values Removed   Values Added
  Description                    Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.
  Title                          Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.
  Weaknesses                     CWE-95
  References
  Metrics                        cvssV3_1
                                 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: JFROG

Published:

Updated: 2026-01-23T17:58:14.442Z

Reserved: 2026-01-12T15:16:43.100Z

Link: CVE-2026-0863

Vulnrichment

Updated: 2026-01-23T17:58:14.442Z

NVD

Status : Analyzed

Published: 2026-01-18T16:15:50.450

Modified: 2026-02-10T17:23:41.550

Link: CVE-2026-0863

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:30:25Z

Weaknesses