top of page

Multiple Critical n8n Vulnerabilities Allow Sandbox Escape, Arbitrary File Access, and RCE

January 9th, 2026

Critical

Our Cyber Threat Intelligence Unit has identified multiple critical vulnerabilities affecting n8n, an open-source workflow automation platform widely used to integrate business systems and automate operational processes. The vulnerabilities, tracked as CVE-2025-68668, CVE-2026-21858, and CVE-2026-21877, collectively expose affected n8n deployments to arbitrary command execution, unauthorized file access, and full workflow compromise. The most severe issues stem from insufficient sandbox isolation, unsafe file handling, and improper access controls within workflow execution logic. Adversaries can exploit these vulnerabilities by leveraging authenticated workflow-creation privileges or, in certain configurations, unauthenticated access to exposed workflows, enabling direct interaction with the underlying host operating system. Public security advisories and independent technical analyses confirm that successful exploitation can result in arbitrary file read/write operations, execution of operating system commands with n8n service privileges, and complete compromise of automation environments that often integrate sensitive enterprise systems. Two of the disclosed vulnerabilities have a CVSS score of 10.0, reflecting their severe nature and high operational impact. Given the availability of detailed exploit paths and increasing awareness, organizations running vulnerable n8n versions should consider this a critical risk requiring immediate remediation. 

Technical Details

  • Severity: Critical (CVSS 9.9 – 10.0)

  • CVE IDs:

    • CVE-2025-68668 (CVSS 9.9):

      • Description: Protection mechanism failure in the Python Code Node (Pyodide sandbox bypass).

      • Impact: Authenticated remote code execution via malicious workflow logic.

      • Attack Vector: Authenticated (workflow creation or modification privileges required).

      • Delivery Method: Authenticated users with workflow create/modify privileges can embed malicious Python logic in the Pyodide-based Code Node to escape sandbox restrictions and execute host commands.

    • CVE-2026-21858 (CVSS 10.0):

      • Description: Unauthenticated arbitrary file access via execution of exposed, form-based workflows.

      • Impact: File read/write access that may enable further escalation and environment compromise.

      • Attack Vector: Unauthenticated, depending on workflow exposure.

      • Delivery Method: Publicly exposed form-based workflows can grant an unauthenticated remote attacker file access on the underlying server.

    • CVE-2026-21877 (CVSS 10.0):

      • Description: Authenticated remote code execution under specific conditions affecting workflow execution logic.

      • Impact: Full system compromise via malicious workflow behavior.

      • Attack Vector: Authenticated.

      • Delivery Method: Under certain conditions, an authenticated user can cause untrusted code to be executed by the n8n service, resulting in full compromise.

    • Please Note: In some deployments, these weaknesses may be combined to accelerate compromise; however, each CVE is independently high impact and should be treated as critical even without chaining.

  • Affected Components and Versions:

    • CVE-2025-68668:

      • n8n versions ≥ 1.0.0 and < 2.0.0

      • Affects workflows using the Python Code Node.

    • CVE-2026-21858:

      • n8n versions ≤ 1.121.0

      • Affects form-based workflows that are publicly accessible.

    • CVE-2026-21877:

      • n8n versions ≥ 0.123.0 and < 1.121.3

      • Impacts specific workflow execution paths (including Git-related functionality).

  • Fixed Versions:

    • n8n 2.0.0 or later – Fully addresses CVE-2025-68668

    • n8n 1.121.1 – Fixes CVE-2026-21858

    • n8n 1.121.3 – Fixes CVE-2026-21877

Please Note: Organizations should note that additional critical n8n RCE vulnerabilities (e.g., CVE-2025-68613) exist outside the specific issues covered in this advisory and should ensure all critical security updates are applied.

Image by ThisisEngineering

Impact

Successful exploitation of these vulnerabilities may result in:

  • Arbitrary system command execution on the host running n8n.

  • Full compromise of the n8n application and the underlying server.

  • Unauthorized access to sensitive data processed by workflows.

  • Tampering with existing workflows to deploy malicious automation.

  • Abuse of n8n’s privileges to interact with integrated business systems.

  • Increased risk in environments where workflow creation or modification permissions are broadly assigned.

Detection Method

Organizations should take the following steps to identify potential exposure or abuse:

  • Identify n8n instances running:

    • Versions < 2.0.0

    • Versions < 1.121.0

    • Versions < 1.121.3

  • Review user accounts with permissions to create or modify workflows.

  • Monitor usage of the Python Code Node across workflows.

  • Inspect workflow definitions for unexpected or suspicious Python logic.

  • Audit publicly exposed form-based workflows.

  • Validate whether task-runner-based Python sandboxing is enabled:

    • N8N_RUNNERS_ENABLED

    • N8N_NATIVE_PYTHON_RUNNER

Indicators of Compromise

There are No Indicators of Compromise (IOCs) for this Advisory.

mix of red, purple, orange, blue bubble shape waves horizontal for cybersecurity and netwo

Recommendations

  • Upgrade immediately to the latest patched version:

    • n8n 2.0.0 or later (strongly recommended)

    • At minimum, apply 1.121.0 and 1.121.3 where a full upgrade is not yet possible.

  • Restrict workflow creation and modification permissions to trusted users only.

  • Disable affected components where feasible:

    • Temporarily disable the Python Code Node:

      • NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]"

    • Disable Python support if not required:

      • N8N_PYTHON_ENABLED=false

  • Enable task-runner-based isolation:

    • N8N_RUNNERS_ENABLED=true

    • N8N_NATIVE_PYTHON_RUNNER=true

  • Limit or disable publicly accessible form workflows until patched.

  • Deploy n8n in a hardened execution environment with minimal system privileges.

Conclusion

Collectively, CVE-2025-68668, CVE-2026-21858, and CVE-2026-21877 pose a critical threat to n8n deployments, allowing attackers to escalate from workflow-level abuse to arbitrary command execution and full system compromise. These vulnerabilities underscore systemic deficiencies in sandbox isolation, access control enforcement, and file-handling logic within n8n’s workflow execution framework. Given the maximum-severity ratings, publicly available technical analyses, and credible exploitation paths, we urge organizations to treat this exposure as an immediate operational risk and act immediately. Rapid patching, strict restriction of workflow creation privileges, and validation of hardened runtime configurations are essential to reducing the attack surface. While interim mitigations may temporarily limit exposure, upgrading to patched versions remains the only comprehensive and reliable means of remediation.

bottom of page