Advisory

n8n Patches More Critical Command Injection and Sandbox Escape Flaws

Take action: Update your self-hosted n8n instances to version 2.7.1 immediately. Several critical flaws have been patched, and exploitation is expected to follow quickly. If you can't update, disable the Python Code node and move Task Runners to external mode to isolate potential exploits from your main process.


Learn More

n8n, the open-source workflow automation platform, has released more urgent security patches addressing multiple critical vulnerabilities. These flaws allow authenticated attackers to bypass security boundaries, execute arbitrary system commands, and access sensitive files on the host server. 

Vulnerabilities summary:

  • CVE-2026-25115 (CVSS score 9.4) - A Python sandbox escape in the Code node that allows authenticated users to run code outside the intended security boundary. By exploiting the Python environment when Task Runners are enabled, an attacker can bypass isolation to access the host system or sidecar container. This flaw defeats the security controls intended to restrict script execution to a limited environment, leading to full system compromise.
  • CVE-2026-21893 (CVSS score 9.4) - A command injection vulnerability in the community package installation functionality. Authenticated administrators can inject malicious system commands during the installation of third-party packages. This allows for full host compromise, although it requires high-level privileges to execute.
  • CVE-2026-25053 (CVSS score 9.4) - A vulnerability allowing the execution of system commands or unauthorized reading of arbitrary files. Attackers can use this flaw to gain access to sensitive configuration data or system-level binaries. The impact includes full system takeover or significant data exfiltration.
  • CVE-2026-25052 (CVSS score 9.4) - Insufficient file access controls that allow for the manipulation of existing workflows. Attackers can modify automated processes to redirect data or inject malicious steps into production pipelines.
  • CVE-2026-25056 (CVSS score 9.4) - An arbitrary file write vulnerability that allows attackers to create or modify files on the server. This can be used to overwrite critical system files or plant persistent backdoors.

Successful exploitation of these flaws leads to system compromise, including remote code execution (RCE) and unauthorized data access. Attackers can steal API keys and database credentials and learn the internal workflow logic stored within the n8n instance.

Because n8n often connects to various SaaS platforms and internal databases, a compromise serves as a gateway to the broader corporate infrastructure, potentially exposing third-party service tokens and customer data.

The vulnerabilities affect versions prior to 1.123.18 and 2.5.2. Users running self-hosted instances with Python enabled or community packages active are at the highest risk.

Organizations should immediately update to n8n version 2.7.1 or the latest patched releases in their respective branches, such as 1.123.18 or 2.5.2. If immediate patching is not possible, administrators should disable the Code Node by adding 'n8n-nodes-base.code' to the NODES_EXCLUDE environment variable. Additionally, running Task Runners in 'external' mode provides better isolation by executing untrusted code in a separate sidecar container rather than within the main n8n process.
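As an added example that is not part of this advisory or the n8n project, the following shell script turns the guidance above into a preflight check an operator can run against a self-hosted instance: it decides whether a reported version already carries the fix (1.123.18 on the 1.x branch, 2.5.2 on the 2.x branch, with 2.7.1 as the recommended target) and, if not, whether both interim mitigations are in place. NODES_EXCLUDE is the variable named in the advisory and is checked in the JSON-array form n8n reads; the name N8N_RUNNERS_MODE used for the Task Runner mode is an assumption and should be verified against the n8n documentation for your version. The sample values at the bottom are constructed.

```sh
#!/bin/sh
# Added example, not code from the advisory or from n8n.
# Preflight check: is this n8n instance patched, or at least mitigated,
# for the command injection / sandbox escape flaws described above?
#
# Fixed versions (from the advisory): 1.123.18 (1.x) and 2.5.2 (2.x).
# NODES_EXCLUDE comes from the advisory; N8N_RUNNERS_MODE is an ASSUMED
# variable name for the internal/external Task Runner setting.

# version_ge A B -> exit 0 if dotted version A >= B (up to three parts).
version_ge() {
    a1=$(echo "$1" | cut -d. -f1); a2=$(echo "$1" | cut -d. -f2); a3=$(echo "$1" | cut -d. -f3)
    b1=$(echo "$2" | cut -d. -f1); b2=$(echo "$2" | cut -d. -f2); b3=$(echo "$2" | cut -d. -f3)
    [ "${a1:-0}" -gt "${b1:-0}" ] && return 0
    [ "${a1:-0}" -lt "${b1:-0}" ] && return 1
    [ "${a2:-0}" -gt "${b2:-0}" ] && return 0
    [ "${a2:-0}" -lt "${b2:-0}" ] && return 1
    [ "${a3:-0}" -ge "${b3:-0}" ]
}

# is_patched VERSION -> exit 0 if the version contains the fix for its branch.
# Branches the advisory does not mention are conservatively reported unpatched.
is_patched() {
    case "$1" in
        1.*) version_ge "$1" "1.123.18" ;;
        2.*) version_ge "$1" "2.5.2" ;;
        *)   return 1 ;;
    esac
}

# mitigated NODES_EXCLUDE_VALUE RUNNERS_MODE -> exit 0 only when BOTH interim
# mitigations are present: the Code node is excluded and runners are external.
mitigated() {
    case "$1" in
        *'"n8n-nodes-base.code"'*) ;;   # JSON-array form, e.g. ["n8n-nodes-base.code"]
        *) return 1 ;;
    esac
    [ "$2" = "external" ]
}

# check_instance VERSION NODES_EXCLUDE_VALUE RUNNERS_MODE
# Prints a verdict; exit 0 when the instance is patched or fully mitigated.
check_instance() {
    if is_patched "$1"; then
        echo "n8n $1: patched; still move to 2.7.1 when possible"
        return 0
    fi
    if mitigated "$2" "$3"; then
        echo "n8n $1: UNPATCHED but mitigated (Code node excluded, runners external); schedule the upgrade"
        return 0
    fi
    echo "n8n $1: VULNERABLE - upgrade to 2.7.1 (or 1.123.18 / 2.5.2) or apply both interim mitigations"
    return 1
}

# Constructed sample inputs, standing in for values read from the instance's
# environment (e.g. NODES_EXCLUDE and the assumed N8N_RUNNERS_MODE).
check_instance "2.4.0"    ''                          'internal' || true
check_instance "2.4.0"    '["n8n-nodes-base.code"]'   'external' || true
check_instance "1.123.18" ''                          'internal' || true
```

On a live host the three arguments would typically be the version printed by the n8n binary and the two environment variables from the container or service unit; the script deliberately requires both mitigations before it reports an unpatched instance as covered, since excluding the Code node without external runners still leaves the community-package path in the main process.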
