CVE-2025-68668
π¨ CRITICALn8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with perm...
Description
Request Expert Reviewn8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
Affected Products (1)
CVSS Scores
References
Additional Information
- Source
- security-advisories@github.com
- State
- Analyzed
Related CVEs
CVE-2026-1139
HIGHA vulnerability has been found in UTT θΏε 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The...
CVE-2026-1138
HIGHA flaw has been found in UTT θΏε 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can...
CVE-2026-1137
HIGHA vulnerability was detected in UTT θΏε 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig....
CVE-2026-1136
LOWA weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bCont...
CVE-2026-1135
MEDIUMA security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. T...
CVE-2026-1134
MEDIUMA vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The ma...
Share CVE-2025-68668
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-68668 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!