PT-2026-3396 · N8N · N8N

Natan Nehorai · Published 2026-01-18 · Updated 2026-01-29 · CVE-2026-0863

CVSS v3.1: 8.5
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

n8n versions prior to 1.123.14
n8n versions prior to 2.3.5
n8n versions prior to 2.4.2

Description

An issue exists in n8n’s python-task-executor that allows an attacker to bypass sandbox restrictions. By using string formatting and exception handling, an attacker can execute arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions. If n8n is operating in "Internal" execution mode, a full instance takeover is possible. If operating in "External" execution mode, arbitrary code execution occurs inside a Sidecar container.

Recommendations

Update n8n to version 1.123.14 or later.
Update n8n to version 2.3.5 or later.
Update n8n to version 2.4.2 or later.

Exploit · Fix · RCE · Eval Injection

Weakness Enumeration

Related Identifiers: CVE-2026-0863

Affected Products: N8N