CVE-2026-0863
Unknown Unknown - Not Provided
Sandbox Bypass in n8n Python Executor Enables Full Code Execution

Publication date: 2026-01-18

Last updated on: 2026-02-10

Assigner: JFrog

Description
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-18
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0863
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.14 (inc)
n8n n8n From 2.0.0 (inc) to 2.3.5 (inc)
n8n n8n From 2.4.0 (inc) to 2.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0863 is a high-severity sandbox escape vulnerability in the n8n Python task runner component. It allows an attacker to bypass sandbox restrictions in the python-task-executor by exploiting string formatting and exception handling techniques. This enables the attacker to run arbitrary unrestricted Python code on the underlying operating system. Exploitation requires an authenticated user with basic permissions to run malicious code within a Python (Native) Code block. [2]

Impact Analysis

If the n8n instance is running in 'Internal' execution mode, this vulnerability can lead to a full instance takeover, allowing the attacker complete control over the n8n environment. If running in 'External' execution mode (such as the official Docker image), arbitrary code execution is limited to a Sidecar container, which significantly reduces the impact but still allows code execution within that container. [2]

Detection Guidance

Detection can involve monitoring for unusual execution of Python code within n8n's Python (Native) Code block by authenticated users with basic permissions. Specifically, look for execution patterns that use string formatting and exception handling to bypass sandbox restrictions. A proof-of-concept exploit runs the 'uname' command via Python's os module. You can check for suspicious Python tasks or logs indicating execution of system commands like 'uname'. For example, monitoring logs for Python code execution or running commands to detect processes invoking 'uname' or other system commands from n8n's environment may help. However, no specific detection commands are provided. [2]

Mitigation Strategies

Immediate mitigation steps include upgrading n8n to a fixed version beyond the affected versions (prior to 1.123.14, versions in [2.0.0, 2.3.5), and [2.4.0, 2.4.2)). If upgrading is not immediately possible, running n8n in 'External' execution mode (such as using the official Docker image) reduces the impact by confining arbitrary code execution to a Sidecar container rather than the main node. Restrict authenticated user permissions to prevent use of the Python (Native) Code block by users with basic permissions. Monitor and audit usage of Python code blocks until a patch is applied. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0863. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart