9 matches found
CVE-2026-41066
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...
CVE-2026-41066
CVE-2026-41066 affects the Python XML/HTML library lxml . In versions prior to 6.1.0, using the two parsers with the default setting resolve_entities=True allows untrusted XML input to read local files. Setting the option to resolve_entities='internal' or resolve_entities=False disables local fil...
CVE-2026-0863
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
CVE-2026-0863
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
CVE-2026-0863
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
CVE-2026-0863 Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
CVE-2026-0863
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
CVE-2026-0863 Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
PT-2026-3396
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.14 n8n versions prior to 2.3.5 n8n versions prior to 2.4.2 Description An issue exists in n8n that allows an attacker to bypass the python-task-executor sandbox restrictions. This bypass is achieved through the use ...