PT-2026-54049 · N8N · N8N

Mistz1

·

Publicado

2026-06-30

·

Atualizado

2026-06-30

·

CVE-2026-56777

CVSS v3.1

5.0

Média

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module namespace. The issue only affects self-hosted instances where the Python Task Runner is enabled; where N8N BLOCK RUNNER ENV ACCESS is configured to allow it, this can disclose environment variables accessible to the task runner process.

Correção

Incomplete List of Disallowed Inputs

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56777

Produtos afetados

N8N