CVE-2026-27494
Python Sandbox Escape in n8n Code Node Enables Remote Code Execution
Publication date: 2026-02-25
Last updated on: 2026-03-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | to 1.123.22 (exc) |
| n8n | n8n | From 2.0.0 (inc) to 2.9.3 (exc) |
| n8n | n8n | From 2.10.0 (inc) to 2.10.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the n8n workflow automation platform prior to versions 2.10.1, 2.9.3, and 1.123.22. An authenticated user with permission to create or modify workflows could exploit the Python Code node to escape the sandbox environment. The sandbox did not sufficiently restrict access to certain built-in Python objects, which allowed the attacker to exfiltrate file contents or achieve remote code execution (RCE).
On instances using internal Task Runners (the default mode), this could lead to full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner.
The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Temporary mitigations include limiting workflow creation and editing permissions to fully trusted users and disabling the Code node by adding it to the NODES_EXCLUDE environment variable, though these do not fully remediate the risk.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with workflow creation or modification permissions to escape the Python sandbox and execute arbitrary code.
On systems using internal Task Runners, this could result in full compromise of the host running n8n, potentially allowing the attacker to control the entire system.
On systems using external Task Runners, the attacker might gain access to or interfere with other tasks running on the Task Runner, potentially disrupting operations or accessing sensitive data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, users should upgrade n8n to versions 2.10.1, 2.9.3, or 1.123.22 or later, where the issue is fixed.
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Code node by adding 'n8n-nodes-base.code' to the NODES_EXCLUDE environment variable.
Note that these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.