CVE-2026-0863

Exploit

EPSS 8.5%
Veröffentlicht 18.01.2026 15:37:07
Zuletzt bearbeitet 10.02.2026 17:23:41
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode.

If the instance is operating under the  "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version <= 1.123.14

N8n ≫ N8n SwPlatformnode.js Version >= 2.0.0 <= 2.3.5

N8n ≫ N8n SwPlatformnode.js Version >= 2.4.0 <= 2.4.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.5%	0.943

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
reefs@jfrog.com	8.5	1.8	6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

https://research.jfrog.com/vulnerabilities/n8n-python-runner-sandbox-escape-jfsa-2026-001651077/

Third Party Advisory

Exploit

https://github.com/n8n-io/n8n/commit/b73a4283cb14e0f27ce19692326f362c7bf3da02

Patch

https://www.smartkeyss.com/post/cve-2026-0863-python-sandbox-escape-in-n8n-via-exception-formatting-and-implicit-code-execution

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-0863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0863

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-0863