CVE-2026-25115

CRITICAL

n8n <2.4.8 - Code Injection

Title source: llm

Description

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

References (1)

[Vendor Advisory] https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h

Scores

CVSS v3 9.9

EPSS 0.0006

EPSS Percentile 19.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-693

Status published

Products (2)

n8n/n8n < 2.4.8

npm/n8n 0 - 2.4.8npm

Published Feb 04, 2026

Tracked Since Feb 18, 2026