PT-2026-36904 · N8N · N8N

Dorjoos

Published

2026-04-22

Updated

2026-05-04

CVE-2026-42234

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1

Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary code execution on the task runner container. This issue specifically affects instances where the Python Task Runner is enabled.

Recommendations Update to version 1.123.32. Update to version 2.17.4. Update to version 2.18.1. As a temporary mitigation, disable the Python Task Runner.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2026-06928

CVE-2026-42234

GHSA-44V6-JHGM-P3M4

Affected Products

N8N

PT-2026-36904 · N8N · N8N

CVE-2026-42234

Weakness Enumeration

Related Identifiers

Affected Products

References · 7