Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an authenticated user with workflow edit rights to escape the Python task runner sandbox and execute arbitrary code on the container running the task runner. This results in remote code execution within the task runner environment, potentially compromising the host if privileges are high. The weakness is a code injection flaw (CWE‑94).

Affected Systems

The affected product is n8n by n8n‑io. All installations running n8n versions older than 1.123.32, 2.17.4, or 2.18.1 that have the Python Task Runner enabled are susceptible. Only the workflow automation platform itself is impacted; downstream applications may be affected if they interact with the compromised task runner.

Risk and Exploitability

CVSS base score of 7.1 indicates a high severity. EPSS is not available, but the vulnerability is not listed in CISA KEV, suggesting it may not yet be widely exploited. An attacker must be an authenticated user with permission to create or modify workflows, which is a relatively high-privilege condition. If such a user exists, they can trigger the sandbox escape and run malicious code on the task runner container.

Generated by OpenCVE AI on May 4, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch by upgrading n8n to version 1.123.32 or newer, 2.17.4 or newer, or 2.18.1 or newer;
  • If upgrading is not possible, disable the Python Task Runner component to eliminate the attack surface, and revert any existing Python Code Node workflows to safe alternatives;
  • Revise user permissions so that only trusted personnel can create or modify workflows; monitor workflow changes for suspicious activity.

Generated by OpenCVE AI on May 4, 2026 at 20:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-44v6-jhgm-p3m4 n8n has a Python Task Runner Sandbox Escape Vulnerability
History

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*
cpe:2.3:a:n8n:n8n:2.18.0:*:*:*:enterprise:node.js:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 05 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Tue, 05 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title n8n: Python Task Runner Sandbox Escape
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

N8n N8n
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T12:40:54.516Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42234

cve-icon Vulnrichment

Updated: 2026-05-05T12:40:51.929Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T19:16:06.017

Modified: 2026-05-06T18:05:52.343

Link: CVE-2026-42234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T21:45:15Z

Weaknesses