What is the CVSS score of CVE-2026-0863?

CVE-2026-0863 has a CVSS 3.1 base score of 8.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Python are affected by CVE-2026-0863?

CVE-2026-0863 presents significant security risk, a eval injection vulnerability rated CVSS 8.5.. A patch is available.

Is there a public PoC exploit available for CVE-2026-0863?

Yes, a public proof-of-concept exploit is available for CVE-2026-0863. Prioritise patching immediately. EPSS: 0.0%.

Python CVE-2026-0863

HIGH

Eval Injection (CWE-95)

2026-01-18 reefs@jfrog.com

Python Docker AI / ML N8n

8.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 17:23 vuln.today

Public exploit code

Patch released

Feb 10, 2026 - 17:23 nvd

Patch available

CVE Published

Jan 18, 2026 - 16:15 nvd

HIGH 8.5

DescriptionNVD

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode.

If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.

AnalysisAI

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox restrictions and execute arbitrary code on the underlying operating system, with full instance takeover possible in Internal execution mode. Public exploit code exists for this vulnerability, which affects n8n deployments running under Internal execution mode where the Python executor has direct OS access. …

RemediationAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0863 vulnerability details – vuln.today

Back

Python CVE-2026-0863

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code