CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 6 hours ago•3 views

CVE-2026-49444 n8n: Python sandbox escape

7.1CVSS0.00064EPSS

CVE•added 6 hours ago•9 views

CVE-2026-49444

CVE-2026-49444 affects n8n prior to versions 1.123.48, 2.21.8, and 2.22.4 where an authenticated user with permission to create/modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. The issue is fixed in 1.123.48...

7.1CVSS6.5AI score0.00064EPSS

Github Security Blog•added 2026/06/16 5:37 p.m.•8 views

n8n: Python sandbox escape

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches The issue has bee...

7.1CVSS6.2AI score0.00064EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/16 12:0 a.m.•10 views

PT-2026-50150

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.48 n8n versions prior to 2.21.8 n8n versions prior to 2.22.4 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

8.5CVSS6.5AI score0.00064EPSS

RedhatCVE•added 2026/06/05 7:16 p.m.•5 views

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

8.8CVSS6.1AI score0.00363EPSS

vulnersOsv•added 2026/05/12 9:0 p.m.•6 views

@n8n/ai-workflow-builder (>=1.10.0 <=1.20.1), @n8n/backend-common (>=1.19.0 <=1.20.1) +8 more potentially affected by CVE-2026-44792 via @n8n/api-types (>=1.0.0-rc.0 <=1.20.0)

@n8n/api-types NPM version =1.0.0-rc.0, =1.10.0, =1.19.0, =1.0.0, =1.3.0, =1.0.0, =1.19.0, =1.0.0, =2.0.0, =2.19.0, =2.19.0, =2.20.2 Source cves: CVE-2026-44792 Source advisory: SNYK:JS-N8NAPITYPES-16726403...

5.5AI score0.0004EPSS

Exploits0

NVD•added 2026/05/04 7:16 p.m.•17 views

CVE-2026-42234

8.8CVSS0.00363EPSS

Vulnrichment•added 2026/05/04 6:36 p.m.•1 views

CVE-2026-42234 n8n: Python Task Runner Sandbox Escape

ATTACKERKB•added 2026/05/04 6:36 p.m.•0 views

CVE-2026-42234

Exploits0References2Affected Software1

Cvelist•added 2026/05/04 6:36 p.m.•47 views

CVE-2026-42234 n8n: Python Task Runner Sandbox Escape

7.1CVSS0.00363EPSS

CVE•added 2026/05/04 6:36 p.m.•18 views

CVE-2026-42234

CVE-2026-42234 affects n8n, an open‑source workflow automation platform. Before versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user who can create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container....

8.8CVSS6.3AI score0.00363EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/04 6:36 p.m.•6 views

EUVD-2026-27109

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-36904

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

CNNVD•added 2026/05/04 12:0 a.m.•6 views

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...

8.8CVSS6.2AI score0.00363EPSS

OSV•added 2026/04/29 9:21 p.m.•2 views

GHSA-44V6-JHGM-P3M4 n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

7.5CVSS6.3AI score0.00363EPSS

Github Security Blog•added 2026/04/29 9:21 p.m.•11 views

n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

8.8CVSS6.4AI score0.00363EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/03/26 11:3 p.m.•2 views

CVE-2026-27496

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

7.1CVSS5.8AI score0.00262EPSS

NVD•added 2026/03/25 6:16 p.m.•2 views

CVE-2026-27496

7.1CVSS0.00262EPSS

Cvelist•added 2026/03/25 5:7 p.m.•20 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

7.1CVSS0.00262EPSS