HIGHCVE-2026-49444Published Modified CNA GitHub_M
CVE-2026-49444: n8n: Python sandbox escape
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.
Metrics
- CVSS v4.0
- 7.1
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- n8n-io / n8n< 1.123.48 · >= 2.0.0-rc.0, < 2.21.8 · >= 2.22.0, < 2.22.4
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N