CVE-2026-25115 in n8n
Summary
by MITRE • 02/04/2026
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/14/2026
The vulnerability identified as CVE-2026-25115 affects n8n, an open source workflow automation platform that enables users to create automated workflows through visual interfaces. This platform is widely used for connecting different applications and services through customizable nodes, with the Python Code node being a particularly powerful feature that allows users to execute custom Python scripts within the workflow environment. The vulnerability specifically targets the sandboxing mechanism implemented for the Python Code node, which is designed to isolate user code execution and prevent unauthorized access to system resources or other workflows.
The technical flaw in this vulnerability stems from inadequate sandboxing controls within the Python Code node implementation. When authenticated users execute Python code through this node, the sandbox environment fails to properly contain the execution context, allowing malicious or unintended code to escape the restricted environment. This breakout capability enables attackers to execute arbitrary commands beyond the intended security boundaries, potentially gaining access to system resources, file systems, or other workflow components that should remain isolated. The vulnerability represents a critical sandbox escape issue that directly violates the fundamental security principle of process isolation and privilege separation. According to CWE classification, this corresponds to CWE-242, "Use of Insecure Function," and CWE-94, "Improper Control of Generation of Code," which are common categories for sandbox bypass vulnerabilities in interpreted languages.
The operational impact of this vulnerability is significant for organizations relying on n8n for workflow automation, as it provides a pathway for authenticated attackers to escalate privileges and potentially compromise the entire automation platform. An attacker who can authenticate to the n8n system could leverage this vulnerability to execute arbitrary code on the host system, potentially leading to data breaches, system compromise, or lateral movement within the network. The vulnerability affects all versions prior to 2.4.8, meaning organizations using older versions are exposed to this risk. The attack surface expands when considering that n8n workflows often integrate with various enterprise systems, databases, and APIs, making the potential damage from code execution much broader than a simple sandbox escape. This vulnerability aligns with ATT&CK technique T1059.001 for "Command and Scripting Interpreter: Python" and T1566.001 for "Phishing: Spearphishing Attachment," as it enables an attacker to execute malicious payloads through legitimate workflow automation channels.
Organizations should immediately upgrade to n8n version 2.4.8 or later to remediate this vulnerability, as this release includes patched sandboxing controls that properly contain Python code execution within the intended security boundaries. System administrators should also implement additional monitoring for suspicious workflow execution patterns and code modifications, particularly in environments where multiple users have access to the platform. The mitigation strategy should include reviewing access controls to ensure that only trusted users can execute code within the Python Code node, implementing network segmentation to limit potential lateral movement, and conducting regular security assessments of workflow configurations. Security teams should also consider implementing runtime application self-protection measures and code analysis tools to detect potentially malicious code patterns in workflow automation scripts. The vulnerability demonstrates the critical importance of proper sandboxing implementation in interpreted language environments and highlights the need for comprehensive security testing of automation platforms that execute user-provided code.