Skip to main content

n8n CVE-2026-42234

| EUVDEUVD-2026-27109 HIGH
Code Injection (CWE-94)
2026-04-29 https://github.com/n8n-io/n8n GHSA-44v6-jhgm-p3m4
7.1
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch available
May 04, 2026 - 20:01 EUVD
Re-analysis Queued
May 04, 2026 - 19:22 vuln.today
cvss_changed
CVSS changed
May 04, 2026 - 19:22 NVD
7.5 (HIGH) 7.1 (HIGH)
Source Code Evidence Fetched
Apr 29, 2026 - 22:01 vuln.today
Analysis Generated
Apr 29, 2026 - 22:01 vuln.today
Analysis Generated
Apr 29, 2026 - 21:30 vuln.today
CVE Published
Apr 29, 2026 - 21:21 nvd
HIGH 7.5

DescriptionGitHub Advisory

Impact

An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.

  • This issue only affects instances where the Python Task Runner is enabled.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the Python Code node by adding n8n-nodes-base.code to the NODES_EXCLUDE environment variable, or disable the Python Task Runner entirely.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

Sandbox escape in n8n's Python Task Runner enables authenticated workflow editors to execute arbitrary code on the task runner container. This vulnerability (CWE-94: Improper Control of Generation of Code) affects n8n instances with the Python Code Node feature enabled, allowing attackers with workflow creation/modification permissions to break out of the Python sandbox. Vendor-released patches are available in versions 1.123.32, 2.17.4, and 2.18.1. No public exploit identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for exploitation by authenticated users.

Technical ContextAI

n8n is a workflow automation platform (npm package n8n) that includes a Python Code Node for executing Python scripts within workflows. The Python Task Runner executes this code in a sandboxed container environment to prevent unauthorized system access. This vulnerability (CWE-94: Improper Control of Generation of Code / Code Injection) represents a sandbox escape flaw in the Python Task Runner implementation. The affected component allows authenticated users to bypass sandbox restrictions through crafted Python code within workflow nodes, achieving arbitrary code execution at the container level. The vulnerability is specific to the Python Task Runner feature - installations not using this feature or those with the Python Code node disabled are not affected. The affected npm package versions span three release branches: legacy 1.x (< 1.123.32), and current 2.x branches (2.17.0-2.17.3 and 2.18.0).

RemediationAI

Upgrade n8n to a patched version immediately: version 1.123.32 for users on the 1.x branch, version 2.17.4 for those on 2.17.x, or version 2.18.1 for those on 2.18.x or later. Vendor-released patches are confirmed in these versions per GitHub advisory GHSA-44v6-jhgm-p3m4. If immediate upgrade is not feasible, implement compensating controls with awareness of their limitations: restrict workflow creation and editing permissions to only fully trusted administrators (reduces attack surface but increases operational friction and may conflict with legitimate use cases), disable the Python Code node by adding n8n-nodes-base.code to the NODES_EXCLUDE environment variable (eliminates Python execution capability but breaks workflows dependent on Python nodes), or disable the Python Task Runner entirely via configuration (same impact as disabling the node). The vendor explicitly states these workarounds 'do not fully remediate the risk' and should only be temporary measures. Organizations should audit existing workflows for suspicious Python code during the remediation window, review user accounts with workflow edit permissions, and monitor task runner container logs for unusual activity. No other mitigations fully address the sandbox escape without patching.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-42234 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy