js · n8n · Critical
n8n Python Code Node Sandbox Escape Allows Arbitrary Code Execution
What changed
A security vulnerability in n8n allows authenticated users with permission to create or modify workflows containing a Python Code Node to escape the sandbox and achieve arbitrary code execution on the task runner container.
Who it affects
All n8n instances with the Python Task Runner enabled, where users have permissions to create or modify workflows.
What to do today
Upgrade n8n to version 1.123.48, 2.21.8, or 2.22.4 or later. If immediate upgrade is not possible, limit workflow creation permissions, disable the Python Code node via NODES_EXCLUDE, or disable the Python Task Runner.
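A version check for the upgrade step above, as an added example (not code from the advisory or from n8n). It assumes each listed version is the first patched release of its own release line, so a 2.x instance below 2.21.8 counts as unpatched even though it is numerically later than 1.123.48; the inventory hostnames are constructed.

```javascript
// Fixed releases named in the advisory, sorted ascending.
// Assumption: each is the minimum patched release of its own release line.
const FIXED = [[1, 123, 48], [2, 21, 8], [2, 22, 4]];

function parseVersion(text) {
  // Accepts "1.123.48", "v2.22.4" or "n8n@2.21.8"; rejects anything else,
  // including pre-release tags, so an unknown build is never reported as safe.
  const m = /^(?:n8n@)?v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised n8n version: ${text}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isPatched(text) {
  const v = parseVersion(text);
  // At or beyond the newest fixed release: patched.
  if (compare(v, FIXED[FIXED.length - 1]) >= 0) return true;
  // Otherwise use the newest fixed line at or below v's own line
  // (same major, fixed minor <= v's minor). No such line means unpatched.
  const line = FIXED.filter(f => f[0] === v[0] && f[1] <= v[1]).pop();
  return line !== undefined && compare(v, line) >= 0;
}

function needsUpgrade(inventory) {
  // inventory: { host: versionString }. Unparseable versions are flagged too.
  return Object.entries(inventory)
    .filter(([, ver]) => {
      try { return !isPatched(ver); } catch { return true; }
    })
    .map(([host]) => host)
    .sort();
}

// Constructed sample inventory (hypothetical hostnames).
const SAMPLE = {
  "n8n-prod": "1.123.48",
  "n8n-stage": "2.0.0",
  "n8n-dev": "2.22.3",
  "n8n-lab": "v2.21.9",
  "n8n-old": "1.122.9",
};
console.log(needsUpgrade(SAMPLE)); // hosts still running an unpatched build
```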
Source
GitHub Advisory · n8n