CVE-2025-68668
Sandbox Bypass in n8n Python Code Node Enables RCE
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | 1.0.0 up to, but not including, 2.0.0 (fixed in 2.0.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a sandbox bypass in the Python Code Node of the n8n workflow automation platform (versions 1.0.0 up to, but not including, 2.0.0). An authenticated user who is allowed to create or modify workflows can place Python code in a Code Node that escapes the sandbox intended to confine it, and thereby run arbitrary commands on the host running n8n with the privileges of the n8n process. Because the node is a legitimate feature for workflow editors, no additional vulnerability or misconfiguration is needed beyond the workflow permission itself.
How can this vulnerability impact me?
If exploited, this vulnerability allows an authenticated user to execute arbitrary commands on the host system with the privileges of the n8n process. This can lead to unauthorized access, data compromise, system manipulation, or disruption of services running on the affected host.
What immediate steps should I take to mitigate this vulnerability?
Upgrade n8n to version 2.0.0 or later, where the issue is fixed. If you cannot upgrade immediately, apply one of the following workarounds:
- Disable the Code Node entirely by setting the environment variable NODES_EXCLUDE to '["n8n-nodes-base.code"]'.
- Disable Python support in the Code Node by setting N8N_PYTHON_ENABLED=false. This variable is honoured from version 1.104.0 onward; on earlier versions it has no effect, so it is not a workaround there.
- Switch to the task-runner based Python sandbox by setting N8N_RUNNERS_ENABLED=true and N8N_NATIVE_PYTHON_RUNNER=true.
Until the patched version is deployed, treat permission to create or modify workflows as equivalent to command execution on the n8n host and restrict it accordingly.
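As an added example (not code from this page or from the n8n project), the following Python script turns the affected version range and the three workarounds above into a check a defender can run: given the n8n version and the environment the process sees, it reports whether the instance is patched or effectively mitigated, flagging the case where N8N_PYTHON_ENABLED=false is set on a version too old to honour it, and it lists the Python Code nodes in an exported workflow, which is the surface the bypass goes through. It assumes that the task-runner workaround needs both N8N_RUNNERS_ENABLED=true and N8N_NATIVE_PYTHON_RUNNER=true (the advisory only says "accordingly"), and that a workflow export lists nodes under "nodes" with a "type" field and a "parameters.language" field; the sample workflow and environment are constructed.

```python
"""Check an n8n deployment against the Python Code Node sandbox bypass.

Version range, env-var names and the NODES_EXCLUDE value come from the advisory.
Assumptions (not from the advisory): the task-runner workaround requires both
runner variables set to "true"; workflow exports use nodes[].type and
nodes[].parameters.language.
"""
import json

CODE_NODE_TYPE = "n8n-nodes-base.code"


def parse_version(v):
    """'1.104.0' -> (1, 104, 0); tolerates a leading 'v' and pre-release/build suffixes."""
    core = v.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def _flag(env, name):
    """Normalised string value of an env var ('' when unset)."""
    return str(env.get(name, "")).strip().lower()


def assess(version, env):
    """Return (exposed, notes): exposed is True when the instance is neither patched
    nor covered by an effective workaround. `env` is a dict of environment variables."""
    ver = parse_version(version)
    if ver >= (2, 0, 0):
        return False, ["patched: n8n >= 2.0.0"]
    if ver < (1, 0, 0):
        return False, ["outside the affected range (< 1.0.0)"]

    mitigations, warnings = [], []

    # Workaround 1: Code node excluded entirely (NODES_EXCLUDE is a JSON array string).
    try:
        excluded = json.loads(env.get("NODES_EXCLUDE", "[]"))
    except json.JSONDecodeError:
        excluded = []
        warnings.append("NODES_EXCLUDE is not valid JSON and excludes nothing")
    if isinstance(excluded, list) and CODE_NODE_TYPE in excluded:
        mitigations.append("Code node disabled via NODES_EXCLUDE")

    # Workaround 2: Python disabled in the Code node; only honoured from 1.104.0.
    if _flag(env, "N8N_PYTHON_ENABLED") == "false":
        if ver >= (1, 104, 0):
            mitigations.append("Python disabled via N8N_PYTHON_ENABLED=false")
        else:
            warnings.append("N8N_PYTHON_ENABLED=false is ignored before 1.104.0")

    # Workaround 3: task-runner Python sandbox (assumption: both flags must be "true").
    runners = _flag(env, "N8N_RUNNERS_ENABLED") == "true"
    native = _flag(env, "N8N_NATIVE_PYTHON_RUNNER") == "true"
    if runners and native:
        mitigations.append("task runner based Python sandbox enabled")
    elif native:
        warnings.append("N8N_NATIVE_PYTHON_RUNNER=true has no effect without N8N_RUNNERS_ENABLED=true")

    if mitigations:
        return False, mitigations + warnings
    return True, ["no patch and no effective workaround"] + warnings


def python_code_nodes(workflow):
    """Names of Code nodes in an exported workflow whose language is Python."""
    hits = []
    for node in workflow.get("nodes", []):
        if node.get("type") != CODE_NODE_TYPE:
            continue
        # Assumed export layout: language defaults to JavaScript when absent.
        lang = str(node.get("parameters", {}).get("language", "javaScript"))
        if lang.lower() == "python":
            hits.append(node.get("name", "<unnamed>"))
    return hits


# Constructed sample workflow export (not a real n8n export).
SAMPLE_WORKFLOW = {
    "name": "nightly-report",
    "nodes": [
        {"name": "Schedule", "type": "n8n-nodes-base.scheduleTrigger", "parameters": {}},
        {"name": "Transform", "type": CODE_NODE_TYPE,
         "parameters": {"language": "python", "pythonCode": "return _input.all()"}},
        {"name": "Format", "type": CODE_NODE_TYPE,
         "parameters": {"jsCode": "return $input.all();"}},
    ],
}

if __name__ == "__main__":
    # Constructed environment: the workaround is set, but the version is too old to honour it.
    exposed, notes = assess("1.99.0", {"N8N_PYTHON_ENABLED": "false"})
    print("n8n 1.99.0:", "EXPOSED" if exposed else "mitigated", notes)
    print("Python Code nodes in sample workflow:", python_code_nodes(SAMPLE_WORKFLOW))
```

In a real run, feed `assess` the version reported by the instance and the environment from the container or service unit, and run `python_code_nodes` over each exported workflow to know which ones to review or disable first; a clean result from `assess` still leaves the workflow-edit permission as the trust boundary.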