Skip to main content

n8n CVE-2026-56777

| EUVDEUVD-2026-40453 MEDIUM
Incomplete List of Disallowed Inputs (CWE-184)
2026-06-30 VulnCheck GHSA-x2rh-rhm8-cv8v
5.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

Authenticated workflow editor required (PR:L); confidentiality limited to env vars in runner process (C:L); no integrity or availability impact; scope unchanged.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 02:16 EUVD
Analysis Generated
Jun 30, 2026 - 23:21 vuln.today

DescriptionCVE.org

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module namespace. The issue only affects self-hosted instances where the Python Task Runner is enabled; where N8N_BLOCK_RUNNER_ENV_ACCESS is configured to allow it, this can disclose environment variables accessible to the task runner process.

AnalysisAI

The Python Code node in n8n allows authenticated workflow editors to bypass the AST security validator by crafting Python code that evades an incomplete blocklist (CWE-184), reaching the task executor module namespace. Affected self-hosted n8n deployments running versions before 2.25.7 or 2.26.x before 2.26.2 with the Python Task Runner enabled are exposed to environment variable disclosure when N8N_BLOCK_RUNNER_ENV_ACCESS is not set to restrict access, potentially leaking API keys, database credentials, or other secrets injected at process startup. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to self-hosted n8n instance
Delivery
Open or create workflow with Python Code node
Exploit
Craft AST payload evading blocklist validator
Execution
Execute payload via Python Task Runner
Impact
Read environment variables from runner process namespace

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following to be simultaneously true: (1) the n8n instance must be self-hosted - cloud-hosted n8n.cloud deployments are explicitly out of scope per the advisory; (2) the Python Task Runner must be enabled in the deployment configuration (this is not the default for most n8n installations); (3) N8N_BLOCK_RUNNER_ENV_ACCESS must be set to a permissive value rather than the restrictive setting that blocks runner environment access; and (4) the attacker must be an authenticated user holding permission to create or modify workflows that include Python Code nodes (PR:L per the CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 score of 5.3 (Medium) with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N reflects network-accessible exploitation by a low-privileged user with limited confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated n8n user with workflow-edit rights opens or creates a workflow and inserts a Python Code node containing an AST construct specifically shaped to pass the incomplete blocklist validator while still referencing the task executor's module namespace at runtime. On a self-hosted instance where the Python Task Runner is active and N8N_BLOCK_RUNNER_ENV_ACCESS is permissive, the script executes and enumerates environment variables - potentially exposing database passwords, third-party API keys, or internal service tokens injected at container or process startup. …
Remediation Upgrade n8n to version 2.25.7 or later on the 2.25.x track, or to 2.26.2 or later on the 2.26.x track, per the vendor security advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-jwm3-qcfw-c5pp. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-56777 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy