n8n
cpe:2.3:a:n8n:n8n:*:*:*:*:node.js:*:*
- < 1.123.32
- < 2.17.4
- < 2.18.1
A vulnerability allowing authenticated users to escape the sandbox of the Python Code Node in n8n workflows has been identified. This issue, present in versions prior to 1.123.32, 2.17.4, and 2.18.1, allows for arbitrary code execution on the task runner container. The vulnerability only affects instances with the Python Task Runner enabled.
Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the task runner container.
Users should upgrade to n8n versions 1.123.32, 2.17.4, or 2.18.1. If an immediate upgrade is not possible, consider limiting workflow permissions to trusted users and disabling the Python Code Node or the Python Task Runner entirely.