CVE-2026-49444

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

CVE-2026-48519

Langflow CVE-2026-48519 exposes unauthenticated RCE via the Shareable Playground. Affected: Langflow prior to 1.9.2. Vulnerable route: /api/v1/build_public_tmp permits executing any public flow; payloads can inject arbitrary Python code into data.nodes[X].data.node.template.code.value. Impact is ...

CVE-2026-49444 n8n: Python sandbox escape

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

CVE-2026-49444

CVE-2026-49444 affects n8n prior to versions 1.123.48, 2.21.8, and 2.22.4 where an authenticated user with permission to create/modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. The issue is fixed in 1.123.48...

EUVD-2026-38481

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

Wazuh - Unsafe Deserialization Remote Code Execution

A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...

n8n: Python sandbox escape

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches The issue has bee...

Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...

PT-2026-50150

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.48 n8n versions prior to 2.21.8 n8n versions prior to 2.22.4 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

CVE-2026-42851

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, or a remote attacker who can control output displayed in the terminal, could exploit this vulnerability. By sending specially crafted input to the terminal, the attacker can cause Kitty to execute arbitrary Python...

PT-2026-47432

Name of the Vulnerable Software and Affected Versions AgentCore CLI versions prior to 0.14.2 Description Improper neutralization of triple-quote characters during Python code generation allows an authenticated remote actor to execute arbitrary code. This occurs when a crafted...

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

EUVD-2026-32635

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...

CVE-2026-44888 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Interger)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

PT-2026-44076

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTP PORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minute...

PT-2026-44075

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...

CVE-2026-5843 Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

Exploit for CVE-2026-45672

CVE-2026-45672 Overview The Open WebUI platform, designe...