58 matches found
CVE-2026-27494
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...
n8n Node.js Package 2.x < 2.4.8 Python Sandbox Escape (CVE-2026-25115)
The version of the n8n Node.js Package installed on the remote host is 2.x prior to 2.4.8. It is, therefore, affected by a remote code execution vulnerability: - A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code...
GHSA-8398-GMMX-564H n8n has a Python sandbox escape
Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...
n8n has a Python sandbox escape
Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...
CVE-2026-25115 n8n is vulnerable to Python sandbox escape
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...
CVE-2026-25115 n8n is vulnerable to Python sandbox escape
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...
PT-2026-6392
Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...
CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...
CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...
CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...
CVE-2025-66446
MaxKB (enterprise AI assistant) versions 2.3.1 and earlier are affected by improper file permissions that allow overwriting the built-in dynamic linker and other critical files, potentially enabling privilege escalation. The issue is fixed in version 2.4.0. Affected component: file permissions go...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary commands on the host system by creating or...
Remote Code Execution (RCE)
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary...
EUVD-2014-0053
Malware in sbrugna...
EUVD-2025-26607
Malicious code in bioql PyPI...
CVE-2025-9959
Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code...
smolagents 代码注入漏洞
smolagents is a basic library for agents open-sourced by Hugging Face. A code injection vulnerability exists in smolagents that stems from an incomplete validation of the dunder attribute, which could lead to an escape from the Local Python execution environment sandbox...
CVE-2025-5874 Redash getattr python.py run_query sandbox
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function runquery of the file /queryrunner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The...
CVE-2025-48950 MaxKB Python Sandbox Bypass in Function Library
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin,/usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directori...