CVE-2026-0863
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
18/01/2026
Última modificación:
10/02/2026
Descripción
*** Pendiente de traducción *** Using string formatting and exception handling, an attacker may bypass n8n&#39;s python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.<br />
<br />
The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode.<br />
<br />
If the instance is operating under the "External" execution mode (ex. n8n&#39;s official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.
Impacto
Puntuación base 3.x
8.50
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | 1.123.14 (incluyendo) | |
| cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | 2.0.0 (incluyendo) | 2.3.5 (incluyendo) |
| cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | 2.4.0 (incluyendo) | 2.4.2 (incluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://github.com/n8n-io/n8n/commit/b73a4283cb14e0f27ce19692326f362c7bf3da02
- https://research.jfrog.com/vulnerabilities/n8n-python-runner-sandbox-escape-jfsa-2026-001651077/
- https://www.smartkeyss.com/post/cve-2026-0863-python-sandbox-escape-in-n8n-via-exception-formatting-and-implicit-code-execution
- https://research.jfrog.com/vulnerabilities/n8n-python-runner-sandbox-escape-jfsa-2026-001651077/