Critical n8n Vulnerability Allows Remote Code Execution Through Workflow Sandboxes

Overview

Severity: Critical (CVSS ~9.9)
Affected Component: n8n JavaScript expression evaluation engine

This vulnerability stems from weaknesses in the sandbox used to evaluate embedded expressions ({{ }}) inside workflows. By crafting malicious expressions, an attacker can bypass sandbox restrictions and force n8n to execute arbitrary JavaScript code.

Impact

A remote, authenticated user with minimal privileges can exploit this flaw to execute code directly on the n8n host system.
If successfully abused, the attacker could fully compromise the server—accessing sensitive data, modifying workflows, and performing system-level actions.

Technical Details

The issue is caused by insufficient validation and sanitization of unsafe Abstract Syntax Tree (AST) patterns. This allows specially crafted JavaScript expressions to escape the intended sandbox controls and run outside of their restricted environment.

Mitigation

Upgrade n8n immediately to a patched version:

  • 1.123.17
  • 2.4.5
  • 2.5.1
    (or any later release)

CVE-2026-0863 — High-Severity Python Sandbox Escape

Overview

Severity: High (CVSS ~8.5)
Affected Component: n8n Python task executor sandbox

This vulnerability allows attackers to bypass Python sandbox protections and execute arbitrary Python code within workflow “Code” blocks.

Impact

Any authenticated user with basic workflow permissions can exploit this issue to escape the Python sandbox.

  • In Internal execution mode, this can result in a full takeover of the n8n instance.
  • In External execution mode (such as Docker-based setups), code execution is limited to the sidecar container, reducing—but not completely removing—the risk.

Technical Details

The flaw arises from how string formatting and exception handling are processed within the Python sandbox. These weaknesses can be abused to break out of the restricted environment and run unauthorized code.

Mitigation

Update n8n to one of the following fixed versions:

  • 1.123.14
  • 2.3.5
  • 2.4.2
    (or any later release)
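As an added check (not part of the advisory and not n8n's own code), the following script decides whether a given n8n version is at or past the fixed releases listed above for both issues. It assumes that "or any later release" means any release at or beyond the fix within the same major.minor branch, or any newer branch of the same major line, and it treats branches older than every listed fix (for example 2.3.x for the expression-sandbox issue) as unpatched.

```javascript
// Added example: branch-aware check of an n8n version against the fixed
// releases given in the advisory. The interpretation of "or any later
// release" below is an assumption, not a statement by the n8n project.
const FIXED_VERSIONS = {
  // The advisory gives no CVE identifier for the expression-sandbox RCE.
  "expression-sandbox-rce": ["1.123.17", "2.4.5", "2.5.1"],
  "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
};

// Parse "1.123.17" or "v2.4.5" into [major, minor, patch].
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of two parsed versions (negative, zero, positive).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// True when `version` carries the fix described by `fixedList`.
function isPatched(version, fixedList) {
  const v = parseVersion(version);
  const fixes = fixedList.map(parseVersion);
  const sameMajor = fixes.filter((f) => f[0] === v[0]);
  if (sameMajor.length === 0) {
    // No fix listed for this major line: assume newer majors include it,
    // older majors do not.
    return v[0] > Math.max(...fixes.map((f) => f[0]));
  }
  const sameMinor = sameMajor.find((f) => f[1] === v[1]);
  if (sameMinor) return compareVersions(v, sameMinor) >= 0;
  // No fix in this minor branch: patched only if the branch is newer than
  // every fixed branch of this major line (e.g. 2.6.x), not older (2.3.x).
  return sameMajor.every((f) => v[1] > f[1]);
}

// Assess one installed version against both advisories at once.
function assess(version) {
  const result = {};
  for (const [id, fixed] of Object.entries(FIXED_VERSIONS)) {
    result[id] = isPatched(version, fixed);
  }
  return result;
}
```

Running `assess("2.4.3")` reports CVE-2026-0863 as fixed but the expression-sandbox issue as still open, which is exactly the case where a 2.4.x deployment must move to 2.4.5 or later.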

Key Takeaways & Best Practices

  • Patch immediately: Both vulnerabilities enable code execution and pose a serious risk to systems managed by n8n.
  • Use External Execution Mode: Running workflows in isolated executors (such as Docker containers) significantly limits blast radius—especially for CVE-2026-0863.
  • Tighten access controls: Restrict who can create or modify workflows, as exploitation requires authenticated access.