New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Published:

6 January 2026 at 05:08:00

Alert date:

6 January 2026 at 06:02:21

Source:

thehackernews.com

Enterprise Applications, Zero-Day Vulnerabilities

A critical security vulnerability, CVE-2025-68668, has been discovered in n8n, an open-source workflow automation platform. It has a CVSS score of 9.9 and allows authenticated attackers to execute arbitrary system commands on the underlying host. It is described as a protection mechanism failure affecting multiple versions of n8n. A score this high marks a severe issue that could lead to complete system compromise.

Technical details

A sandbox bypass vulnerability exists in the Python Code Node of the n8n workflow automation platform, which uses Pyodide. It is classified as a protection mechanism failure: authenticated users with workflow creation/modification permissions can execute arbitrary operating system commands on the host system running n8n, with the same privileges as the n8n process. The issue affects the Python Code Node implementation and lets such users break out of the intended sandbox environment.

Mitigation steps:

Update to n8n version 2.0.0 or later
Disable the Code Node by setting environment variable NODES_EXCLUDE: '["n8n-nodes-base.code"]'
Disable Python support in the Code node by setting environment variable N8N_PYTHON_ENABLED=false
Configure n8n to use the task runner-based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables

Affected products:

n8n versions 1.0.0 up to but not including 2.0.0
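
An added example, not part of the original advisory or of n8n's own code: a Python check that classifies an n8n instance against the affected version range and the mitigation settings listed above. The function names, status labels and sample inventory are constructed for illustration, and the value "true" for the two runner variables is an assumption, since the advisory names the variables but not their values.

```python
import json

CODE_NODE = "n8n-nodes-base.code"  # node id taken from the advisory's NODES_EXCLUDE value


def parse_version(text):
    """Turn '1.119.2', 'v1.119.2' or '1.119' into a comparable (major, minor, patch)."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def is_true(env, name):
    # Assumption: the runner variables are enabled with the string "true".
    return env.get(name, "").strip().lower() == "true"


def audit(version, env):
    """Return (status, mitigations_found) for one instance's version and environment."""
    v = parse_version(version)
    if v >= (2, 0, 0):
        return "patched", []
    if v < (1, 0, 0):
        return "outside-listed-range", []
    found = []
    try:
        excluded = json.loads(env.get("NODES_EXCLUDE", "[]"))
    except json.JSONDecodeError:
        excluded = []  # malformed value: count it as no exclusion
    if isinstance(excluded, list) and CODE_NODE in excluded:
        found.append("code-node-disabled")
    if env.get("N8N_PYTHON_ENABLED", "").strip().lower() == "false":
        found.append("python-disabled")
    if is_true(env, "N8N_RUNNERS_ENABLED") and is_true(env, "N8N_NATIVE_PYTHON_RUNNER"):
        found.append("task-runner-python-sandbox")
    return ("mitigated" if found else "exposed"), found


# Constructed sample inventory (versions and settings are illustrative, not real hosts).
SAMPLE = [
    ("1.119.2", {}),
    ("1.119.2", {"NODES_EXCLUDE": '["n8n-nodes-base.code"]'}),
    ("1.120.0", {"N8N_RUNNERS_ENABLED": "true", "N8N_NATIVE_PYTHON_RUNNER": "true"}),
    ("2.0.0", {}),
]

if __name__ == "__main__":
    for version, env in SAMPLE:
        print(version, *audit(version, env))
```

An instance in the affected range with none of the listed settings is reported as "exposed"; a NODES_EXCLUDE value that is not valid JSON is counted as no mitigation so that a typo does not hide an unprotected instance.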

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website shows information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
