HIGHCVE-2026-42234Published 2026-05-04Modified 2026-05-05CNA GitHub_M

CVE-2026-42234: n8n: Python Task Runner Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n8n-io / n8n
< 1.123.32 · >= 2.17.0, < 2.17.4 · >= 2.18.0, < 2.18.1

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4

Metrics