CVE-2026-25115

Medienbericht

EPSS 0.05%
Veröffentlicht 04.02.2026 17:16:23
Zuletzt bearbeitet 05.02.2026 20:44:21
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version < 2.4.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	9.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://www.heise.de/news/Automatisierungstool-n8n-Weitere-kritische-Luecken-gestopft-11165845.html

Medienbericht

heise Security

05.02.2026 08:43

https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-25115

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25115

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25115

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25115