CVE-2026-25115
CRITICAL
n8n < 2.4.8 - Authenticated Remote Code Execution via Python Code Node Sandbox Escape
Title source: llm
Description
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h
Scores
CVSS v3
9.9
EPSS
0.0053
EPSS Percentile
40.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-693
Status
published
Products (2)
n8n/n8n
< 2.4.8
npm/n8n
0 - 2.4.8 (npm)
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026