CVE-2026-0863
CRITICAL 9.9 · EPSS percentile 94.3%

Description

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code on the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (e.g. n8n's official Docker image), arbitrary code execution occurs inside a Sidecar container and not in the main node, which significantly reduces the vulnerability's impact.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 8.50% probability of exploitation · percentile 94.3% · 2026-06-18T12:00:27Z
Published: 2026-01-18
Last modified: 2026-02-10

Underlying weaknesses · 2

CWE-95 · CWE-94

References

  1. https://github.com/n8n-io/n8n/commit/b73a4283cb14e0f27ce19692326f362c7bf3da02
  2. https://research.jfrog.com/vulnerabilities/n8n-python-runner-sandbox-escape-jfsa-2026-001651077/
  3. https://www.smartkeyss.com/post/cve-2026-0863-python-sandbox-escape-in-n8n-via-exception-formatting-and-implicit-code-execution


Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live
Weakness | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (cwe-95) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-68668
CVE: CVE-2026-42234
CVE: CVE-2026-25115
CVE: CVE-2026-27494
CVE: CVE-2026-1470
CVE: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.