CVE-2026-25115
Weakness (CWE)
CVSS Vector (v4.0)
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): High
- Confidentiality (Subsequent): High
- Integrity (Subsequent): High
- Availability (Subsequent): High
Description
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.
CVE-2026-25115: Professional Cybersecurity Analysis
Executive Summary
CVE-2026-25115 represents a critical severity Python sandbox escape vulnerability in n8n's workflow automation platform. With a CVSS score of 9.9, this vulnerability enables authenticated attackers to break containment boundaries and execute arbitrary code on the underlying system, bypassing intended security controls in the Python Code node.
1. Vulnerability Assessment and Severity Evaluation
Severity Classification
- CVSS Score: 9.9 (Critical)
- Attack Complexity: Low
- Privileges Required: Low (authenticated user)
- User Interaction: None
- Scope: Changed (affects resources beyond the vulnerable component)
Technical Impact
The vulnerability represents a sandbox escape scenario, one of the most severe security failures in containerized or isolated execution environments. The critical rating is justified by:
- Complete system compromise potential - Breaking sandbox boundaries typically grants access to the host system
- Privilege escalation pathway - Authenticated users can exceed their intended authorization levels
- Data confidentiality breach - Access to sensitive data outside the workflow context
- Integrity violation - Ability to modify system files and configurations
- Availability impact - Potential for system disruption or denial of service
Risk Context
This vulnerability is particularly severe in multi-tenant environments or scenarios where n8n processes sensitive data, as the sandbox is the primary security boundary preventing malicious or compromised workflows from affecting the broader infrastructure.
2. Potential Attack Vectors and Exploitation Methods
Attack Prerequisites
- Authentication required - Attacker must have valid credentials to n8n platform
- Access to Python Code node - User must have permissions to create or modify workflows containing Python Code nodes
- Network access - Ability to interact with the n8n instance
Exploitation Methodology
Primary Attack Vector
Authenticated User → Create/Modify Workflow →
Insert Malicious Python Code → Execute Workflow →
Sandbox Escape → Host System Access
Likely Exploitation Techniques
- Python Built-in Abuse
  - Exploitation of __import__, eval(), exec(), or compile() functions
  - Manipulation of Python's introspection capabilities (__globals__, __builtins__)
  - Access to restricted modules through import manipulation
- Object Introspection Chain
  - Conceptual attack pattern, as sketched in the analysis:
        # Example conceptual attack pattern
        [].__class__.__base__.__subclasses__()  # Navigate to unrestricted classes
        # Access file system or subprocess modules
- Module Import Bypass
  - Circumventing import restrictions through dynamic loading
  - Exploiting incomplete module blacklisting
  - Using alternative import mechanisms (importlib, __import__)
- File System Access
  - Reading sensitive configuration files
  - Writing malicious code to accessible directories
  - Modifying application files
- Process Execution
  - Spawning system shells
  - Executing arbitrary system commands
  - Establishing reverse shells for persistent access
Post-Exploitation Activities
- Lateral movement to other systems in the network
- Credential harvesting from configuration files or environment variables
- Data exfiltration from databases or file systems
- Persistence establishment through backdoors or scheduled tasks
- Supply chain attacks by modifying workflow definitions
3. Affected Systems and Software Versions
Affected Versions
- n8n versions: All versions prior to 2.4.8
- Specific component: Python Code node execution environment
Deployment Scenarios at Risk
- Self-hosted installations
  - Docker deployments
  - Kubernetes clusters
  - Virtual machine installations
  - Bare metal servers
- Cloud deployments
  - AWS, Azure, GCP hosted instances
  - Platform-as-a-Service implementations
- Enterprise environments
  - Multi-tenant configurations (highest risk)
  - Integration with sensitive business systems
  - Automated workflow processing pipelines
Environmental Factors Increasing Risk
- Shared hosting environments - Multiple users on same instance
- Integration with privileged systems - Database servers, authentication systems
- Processing of sensitive data - PII, financial information, credentials
- External user access - Contractors, partners with authenticated access
- Insufficient network segmentation - Direct access to internal resources
4. Recommended Mitigation Strategies
Immediate Actions (Priority 1)
- Emergency Patching
      # Update to the patched version immediately (global npm install)
      npm install -g n8n@2.4.8
      # Or for Docker deployments
      docker pull n8nio/n8n:2.4.8
- Access Restriction
  - Audit all users with workflow creation/modification permissions
  - Temporarily disable the Python Code node if patching cannot be immediate
  - Apply the principle of least privilege to user accounts
- Incident Response
  - Review all existing workflows containing Python Code nodes
  - Examine system logs for suspicious Python execution patterns
  - Check for indicators of compromise:
    - Unexpected process executions
    - Unusual network connections
    - File system modifications
    - Privilege escalation attempts
Short-term Mitigations (Priority 2)
- Network Segmentation
  - Isolate n8n instances in dedicated network segments
  - Implement strict firewall rules limiting outbound connections
  - Deploy intrusion detection/prevention systems (IDS/IPS)
- Monitoring and Detection
  Monitor for:
  - Unusual Python module imports (subprocess, os, sys)
  - File system access outside workflow directories
  - Network connections to unexpected destinations
  - Process spawning from n8n worker processes
  - Execution time anomalies in Python Code nodes
- Access Control Hardening
  - Implement multi-factor authentication (MFA)
  - Regular access reviews and permission audits
  - Role-based access control (RBAC) enforcement
  - Workflow approval processes for production environments
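As an added example (not code from the advisory or from n8n) supporting the "review all existing workflows containing Python Code nodes" step under Incident Response and the monitoring list above: a static scanner over an exported n8n workflow JSON that flags Python nodes using the indicators this analysis lists. It assumes the export layout (a top-level "nodes" list whose entries carry "type" and "parameters"), that Python source is stored in the "pythonCode" parameter with "language": "python" on a Code node, and takes the "n8n-nodes-base.pythonCode" type name from this advisory; confirm all three against your n8n version.

```python
import json
import re

# Indicators drawn from the advisory's list of likely techniques: introspection
# chains, dynamic import/eval, importlib, and the os/sys/subprocess modules.
INDICATORS = {
    "introspection": re.compile(r"__(subclasses|globals|builtins|class|base)__"),
    "dynamic-exec": re.compile(r"\b(__import__|eval|exec|compile)\s*\("),
    "import-bypass": re.compile(r"\bimportlib\b"),
    "os-access": re.compile(r"^\s*(import|from)\s+(os|sys|subprocess)\b", re.M),
}

def is_python_node(node: dict) -> bool:
    """Match the advisory's node type or a Code node switched to Python.
    Assumption: the "language" parameter name follows the Code node export."""
    params = node.get("parameters", {})
    return "python" in node.get("type", "").lower() or params.get("language") == "python"

def scan_workflow(workflow: dict) -> list:
    """Return one finding per Python node that matches any indicator.
    Assumption: Python source is stored under parameters["pythonCode"]."""
    findings = []
    for node in workflow.get("nodes", []):
        if not is_python_node(node):
            continue
        code = node.get("parameters", {}).get("pythonCode", "")
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(code))
        if hits:
            findings.append({"node": node.get("name"), "indicators": hits})
    return findings

# Constructed sample export (not a real workflow): a JS node, a benign Python
# node, and a Python node using an introspection chain plus a dynamic import.
SAMPLE_WORKFLOW = {
    "nodes": [
        {"name": "JS transform", "type": "n8n-nodes-base.code",
         "parameters": {"jsCode": "return items;"}},
        {"name": "Sum totals", "type": "n8n-nodes-base.code",
         "parameters": {"language": "python",
                        "pythonCode": "return [{'json': {'n': len(_input.all())}}]"}},
        {"name": "Suspicious", "type": "n8n-nodes-base.pythonCode",
         "parameters": {"pythonCode": "x = [].__class__.__base__.__subclasses__()\n"
                                      "m = __import__('os')\n"}},
    ]
}

if __name__ == "__main__":
    print(json.dumps(scan_workflow(SAMPLE_WORKFLOW), indent=2))
```

Run it against each exported workflow file by loading the JSON and passing the dict to scan_workflow(); every finding names the node to review by hand.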
Long-term Strategic Controls (Priority 3)
- Security Architecture
  - Deploy n8n in containerized environments with resource limits
  - Implement runtime application self-protection (RASP)
  - Use security-enhanced Linux (SELinux) or AppArmor profiles
  - Consider serverless execution models for workflow nodes
- Operational Security
  - Establish workflow code review processes
  - Implement automated security scanning for workflow definitions
  - Regular security assessments and penetration testing
  - Incident response plan specific to workflow automation risks
- Defense in Depth
  - File integrity monitoring (FIM) on n8n installation directories
  - Application-level firewalls
  - Data loss prevention (DLP) controls
  - Regular backup and recovery testing
Compensating Controls (If Patching Delayed)
- Disable Python Code Node
      # In the n8n environment (for example a docker-compose "environment:" block).
      # NODES_EXCLUDE takes a JSON array string; the node type name below is the one
      # given in this advisory, so confirm it against your n8n version before relying on it.
      NODES_EXCLUDE: "[\"n8n-nodes-base.pythonCode\"]"
- Restrict User Permissions
  - Limit workflow creation to trusted administrators only
  - Implement workflow approval processes
  - Enable audit logging for all workflow modifications
- Enhanced Monitoring
  - Deploy endpoint detection and response (EDR) on n8n hosts
  - Implement security information and event management (SIEM) integration
  - Real-time alerting on suspicious Python execution patterns
5. Impact on Cybersecurity Landscape
Industry Implications
- Workflow Automation Security Scrutiny
  - Increased focus on sandbox security in low-code/no-code platforms
  - Regulatory attention to automation platform security controls
  - Insurance and compliance implications for organizations using vulnerable versions
- Supply Chain Risk
  - n8n's role in business process automation creates supply chain exposure
  - Compromised workflows could affect downstream systems and partners
  - Potential for automated attack propagation through integrated systems
- Open Source Security Concerns
  - Highlights challenges in securing complex execution environments
  - Demonstrates importance of security-focused development in OSS projects
  - May influence adoption decisions for open-source automation platforms
Threat Actor Interest
High-value target for:
- Advanced Persistent Threats (APTs) - Persistent access to business processes
- Ransomware operators - Access to multiple integrated systems