Description
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.
Published: 2026-06-23
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox due to a CWE-20 (Improper Input Validation) flaw and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.

Affected Systems

The open-source workflow automation platform n8n is affected. Versions prior to 1.123.48, 2.21.8, and 2.22.4 are vulnerable. Exposure requires an authenticated account with permission to create or modify workflows containing Python Code Nodes; users without that permission cannot exploit this vulnerability.

Risk and Exploitability

The CVSS 4.0 base score of 7.1 (High) reflects a flaw that is reachable over the network with low attack complexity, requires only low privileges, and needs no user interaction. Exploitation is limited to authenticated users who hold workflow creation or editing rights, but a successful exploit gives the attacker arbitrary code execution on the task runner container. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so while it is serious there is no confirmed exploitation in the wild at this time.

Generated by OpenCVE AI on June 24, 2026 at 07:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to n8n 1.123.48, 2.21.8, or 2.22.4 (or a later release on the same line), which include the sandbox fix
  • Restrict workflow editing privileges so that only trusted users can create or modify workflows containing Python Code Nodes
  • Apply strict monitoring and logging to the task runner container to detect unexpected process execution or other unauthorized activity



Advisories
Source: GitHub GHSA | ID: GHSA-9pq8-m8gp-4p53 | Title: n8n: Python sandbox escape
History

Tue, 23 Jun 2026 18:30:00 +0000

Type: Metrics (ssvc)
Values added:

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Values added:

Description: n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.
Title: n8n: Python sandbox escape
Weaknesses: CWE-20
References:
Metrics (cvssV4_0):

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:33:53.880Z

Reserved: 2026-05-30T02:43:33.106Z

Link: CVE-2026-49444

Vulnrichment

Updated: 2026-06-23T17:33:50.508Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T07:45:04Z

Weaknesses
  • CWE-20: Improper Input Validation