CVE-2026-0863
Sandbox Bypass in n8n Python Executor Enables Full Code Execution
Description
By abusing string formatting and exception handling, an attacker can bypass the sandbox restrictions of n8n's python-task-executor and run arbitrary, unrestricted Python code on the underlying operating system.
The vulnerability is reachable through the Code block by an authenticated user with basic permissions, and on instances running in "Internal" execution mode it can lead to a full takeover of the n8n instance.
If the instance is running in "External" execution mode (e.g. n8n's official Docker image), the arbitrary code execution occurs inside a sidecar container rather than the main n8n node, which significantly reduces the impact of the vulnerability.
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| n8n-io | n8n | 2.4.1 |
| n8n-io | n8n | 2.4.0 |
| n8n-io | n8n | 2.3.5 |
| n8n-io | n8n | 1.123.14 |
| n8n-io | n8n | 2.4.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Meta Information
CVE Publication Date: 2026-01-18
CVE Last Modified Date: 2026-01-18
Report Generation Date: 2026-01-21
AI Powered Q&A Generation: 2026-01-19
EPSS Last Evaluated Date: 2026-01-21