Lucene search

68 matches found

CVE
added 2026/01/22 2:26 a.m. | 19 views

CVE-2026-24002

CVE-2026-24002 – Grist sandbox escape vulnerability affects Grist Core (Grist open-source self-hosted spreadsheet/database). The issue arises when running formulas in the Pyodide sandbox on Node.js, where the sandbox barrier is insufficient, allowing an untrusted spreadsheet to escape to host exe...

9.6 CVSS | 5.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/22 2:26 a.m. | 22 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9 CVSS | 0.00032 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/22 2:26 a.m. | 2 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9 CVSS | 5.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/22 2:26 a.m. | 1 view

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/22 2:26 a.m. | 3 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9 CVSS | 5.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/01/22 2:26 a.m. | 2 views

EUVD-2026-4212

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9 CVSS | 5.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/01/22 12:00 a.m. | 1 view

Grist injection vulnerability

Grist is a modern relational spreadsheet developed by Grist Open Source. Versions of Grist prior to 1.7.9 had an injection vulnerability, which was caused by insufficient pyodide sandbox barriers. This vulnerability could allow for the execution of arbitrary processes on the server...

9.6 CVSS | 6.2 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:00 a.m. | 4 views

PT-2026-3906

Name of the Vulnerable Software and Affected Versions: Grist versions prior to 1.7.9. Description: Grist is spreadsheet software that utilizes Python as its formula language. When configured to run formulas in the Pyodide sandbox (GRIST_SANDBOX_FLAVOR set to pyodide), a crafted spreadsheet formula can...

9 CVSS | 6 AI score | 0.00032 EPSS
Exploits: 0 | References: 29

Tenable Nessus
added 2026/01/08 12:00 a.m. | 4 views

N8n < 2.0.0 Multiple Vulnerabilities

According to its banner, the version of n8n running on the remote host is 1.0.0 or later and before 2.0.0. It is, therefore, affected by multiple vulnerabilities: - An authenticated arbitrary file read and file write vulnerability - An authenticated arbitrary command execution vulnerability in...

9.9 CVSS | 7.7 AI score | 0.00031 EPSS
Exploits: 4 | References: 5

Veracode
added 2026/01/02 5:31 p.m. | 3 views

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient isolation in the Pyodide-based Python Code Node, which allows an authenticated attacker with workflow modification privileges to escape the sandbox and execute arbitrary commands on the host system running n8...

9.9 CVSS | 6.1 AI score | 0.00031 EPSS
Exploits: 4 | References: 5 | Affected Software: 3

Cvelist
added 2025/12/26 9:49 p.m. | 24 views

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

9.9 CVSS | 0.00031 EPSS
Exploits: 4 | References: 1

OSV
added 2025/12/26 9:49 p.m. | 2 views

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

9.9 CVSS | 7.5 AI score | 0.00031 EPSS
Exploits: 4 | References: 4

Vulnrichment
added 2025/12/26 9:49 p.m. | 3 views

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

9.9 CVSS | 7.3 AI score | 0.00031 EPSS
Exploits: 4 | References: 1

CVE
added 2025/12/26 9:49 p.m. | 56 views

CVE-2025-68668

CVE-2025-68668 affects n8n 1.x (1.0.0 up to

9.9 CVSS | 7.3 AI score | 0.00031 EPSS
Exploits: 4 | References: 2 | Affected Software: 1

OSV
added 2025/12/26 6:18 p.m. | 1 view

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact: A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

9.9 CVSS | 7.6 AI score | 0.00031 EPSS
Exploits: 4 | References: 4

GitHub Security Blog
added 2025/12/26 6:18 p.m. | 12 views

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact: A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

9.9 CVSS | 7.7 AI score | 0.00031 EPSS
Exploits: 4 | References: 4 | Affected Software: 1

EUVD
added 2025/12/26 6:18 p.m. | 3 views

EUVD-2025-205454

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...

9.9 CVSS | 6.7 AI score | 0.00031 EPSS
Exploits: 4 | References: 3

Positive Technologies
added 2025/12/24 12:00 a.m. | 2 views

PT-2025-53605

Name of the Vulnerable Software and Affected Versions: n8n versions 1.0.0 through less than 2.0.0. Description: n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...

9.9 CVSS | 7.8 AI score | 0.00031 EPSS
Exploits: 4 | References: 82

Snyk
added 2025/12/04 2:05 p.m. | 1 view

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary commands on the host system by creating or...

9.9 CVSS | 7.8 AI score | 0.00031 EPSS
Exploits: 4 | References: 3

Snyk
added 2025/12/04 2:05 p.m. | 1 view

Remote Code Execution (RCE)

Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrar...

9.9 CVSS | 8 AI score | 0.00031 EPSS
Exploits: 4 | References: 3