CVE-2026-25115

9.9 CRITICAL

📋 TL;DR

This vulnerability in n8n's Python Code node allows authenticated users to escape the Python sandbox and execute arbitrary code on the underlying system. It affects all n8n instances running versions before 2.4.8 where users have access to the Python Code node functionality.

💻 Affected Systems

Products:
  • n8n
Versions: All versions prior to 2.4.8
Operating Systems: All platforms running n8n
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to n8n with permissions to use Python Code nodes.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, access sensitive data, install malware, or pivot to other systems.

🟠

Likely Case

Privilege escalation leading to unauthorized access to system resources, data exfiltration, or disruption of automation workflows.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege access, and monitoring are in place to contain potential breaches.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of Python sandbox escape techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.8

Vendor Advisory: https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h

Restart Required: Yes

Instructions:

1. Backup your n8n instance and data.
2. Update n8n to version 2.4.8 or later using your deployment method (Docker, npm, etc.).
3. Restart the n8n service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable Python Code Node

Applies to: all

Temporarily disable or restrict access to Python Code nodes until patching is complete.

Configure n8n settings to disable Python execution or restrict user permissions.

Network Segmentation

Applies to: all

Isolate n8n instances from sensitive systems and implement strict network controls.

🧯 If You Can't Patch

  • Implement strict access controls and audit all users with Python Code node permissions
  • Deploy additional monitoring and intrusion detection for suspicious Python execution patterns

🔍 How to Verify

Check if Vulnerable:

Check n8n version via web interface or command line. If version is below 2.4.8, the system is vulnerable.

Check Version:

docker exec n8n n8n --version, or check the n8n web interface settings.

Verify Fix Applied:

Confirm n8n version is 2.4.8 or higher and test that Python Code node functionality works within expected boundaries.
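The version check above can be scripted so it is repeatable across many instances. The following POSIX shell helper is an added example, not part of this advisory or of n8n itself: it pulls the first x.y.z token out of whatever `n8n --version` prints (the exact output format is assumed, not taken from the advisory), compares it numerically against the fixed release 2.4.8, and reports vulnerable, patched or unknown. Pre-release and build suffixes (e.g. 2.4.8-rc.1) are stripped before comparison, which is a deliberate simplification. The container name "n8n" in the usage comment is the one used in the advisory's own command.

```shell
# Added example (not from the advisory or the n8n project): check an n8n
# version string against the fixed release named in the advisory.
FIXED_VERSION="2.4.8"

# version_ge A B -> exit 0 when A >= B, comparing dot-separated numeric
# fields; missing fields count as 0 (so 2.4 == 2.4.0). Pre-release/build
# suffixes after '-' or '+' are stripped (simplification: 2.4.8-rc.1 -> 2.4.8).
version_ge() {
    printf '%s\n%s\n' "${1%%[-+]*}" "${2%%[-+]*}" | awk '
        NR == 1 { n = split($0, a, "."); next }
        {
            m = split($0, b, ".")
            k = (n > m) ? n : m
            for (i = 1; i <= k; i++) {
                x = a[i] + 0; y = b[i] + 0
                if (x > y) exit 0
                if (x < y) exit 1
            }
            exit 0
        }'
}

# extract_version TEXT -> prints the first x.y.z[-suffix] token found, or nothing.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.]+)?' | head -n 1
}

# check_version TEXT -> prints a verdict; exit 0 patched, 1 vulnerable, 2 unknown.
check_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "patched ($v >= $FIXED_VERSION)"
        return 0
    fi
    echo "vulnerable ($v < $FIXED_VERSION)"
    return 1
}

# Usage against a running container (container name "n8n" assumed, as in the
# advisory's own command):
#   check_version "$(docker exec n8n n8n --version 2>/dev/null)"
```

The exit code makes the helper usable from a fleet-wide loop or a compliance job: a non-zero status means the instance still needs the 2.4.8 upgrade or could not be identified and should be inspected manually.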

📡 Detection & Monitoring

Log Indicators:

  • Unusual Python module imports
  • System command execution from Python nodes
  • Failed sandbox escape attempts

Network Indicators:

  • Unexpected outbound connections from n8n instance
  • Unusual data transfers

SIEM Query:

source="n8n" AND (python_execution OR sandbox_violation)

🔗 References
