Marcopolopie

**Name of the Vulnerable Software and Affected Versions** n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 **Description** An authenticated user with permission to create or modify workflows could exploit the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, potentially allowing an attacker to exfiltrate file contents or achieve Remote Code Execution (RCE). On instances using internal Task Runners (default runner mode), this could lead to a full compromise of the n8n host. On instances using external Task Runners, an attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using the `N8N RUNNERS ENABLED` variable. **Recommendations** Upgrade to n8n version 2.10.1 or later. Upgrade to n8n version 2.9.3 or later. Upgrade to n8n version 1.123.22 or later. If upgrading is not immediately possible, limit workflow creation and editing permissions to fully trusted users only. If upgrading is not immediately possible, disable the Code node by adding `n8n-nodes-base.code` to the `NODES EXCLUDE` environment variable.

**Name of the Vulnerable Software and Affected Versions** n8n versions prior to 2.4.8 **Description** n8n is a workflow automation platform. A flaw in the Python Code node allows authenticated users to bypass the Python sandbox and run code outside the intended security limits. The vulnerability allows for arbitrary code execution on the host system. **Recommendations** Update to version 2.4.8 or later.