CVE-2026-25115

Medienbericht

EPSS 0.53%
Veröffentlicht 04.02.2026 17:16:23
Zuletzt bearbeitet 05.02.2026 20:44:21
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

n8n is vulnerable to Python sandbox escape

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version < 2.4.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.403

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	9.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

05.02.2026 08:43

https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-25115

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25115

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25115

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25115