Summary
n8n reports two sandbox escape vulnerabilities, CVE-2026-1470 and CVE-2026-0863, that allow authenticated users to execute arbitrary code and take over self-hosted servers. These flaws bypass JavaScript and Python security filters by exploiting deprecated language features and specific interpreter behaviors.
Take Action:
If you are using n8n, make sure it's isolated from the internet and accessible to trusted users only. Then patch n8n to at least version 1.123.17 or 2.4.5 for CVE-2026-1470, and at least 1.123.14 or 2.3.5 for CVE-2026-0863. The CVE-2026-1470 patch is higher priority. Also configure Python nodes to run in 'External' mode for better process isolation.
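To check a fleet against these thresholds, here is an added example (not from the original article or from n8n) that compares installed n8n version strings with the fixed versions listed above. It assumes every later release on the same major line contains the fix; the host names and the inventory are constructed.

```python
import re

# Minimum fixed versions per major release line, taken from the advisory text.
FIXED = {
    "CVE-2026-1470": {1: (1, 123, 17), 2: (2, 4, 5)},
    "CVE-2026-0863": {1: (1, 123, 14), 2: (2, 3, 5)},
}

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) from e.g. 'v2.4.5' or '1.123.17-rc.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None

def patch_status(version_text):
    """Map each CVE to 'patched', 'needs_update' or 'unknown' for one installed version."""
    version, prerelease = parse_version(version_text)
    result = {}
    for cve, lines in FIXED.items():
        fixed = lines.get(version[0])
        if fixed is None:
            # Major line not named in the advisory: flag for manual review.
            result[cve] = "unknown"
        elif version > fixed or (version == fixed and not prerelease):
            result[cve] = "patched"
        else:
            # Older release, or a pre-release build of the fixed version itself.
            result[cve] = "needs_update"
    return result

def triage(inventory):
    """Return {host: [CVEs not confirmed patched]}, omitting fully patched hosts."""
    report = {}
    for host, text in inventory.items():
        status = patch_status(text)
        open_cves = [cve for cve in FIXED if status[cve] != "patched"]
        if open_cves:
            report[host] = open_cves
    return report

# Constructed inventory: host name -> version string as reported by the instance.
INVENTORY = {"wf-prod": "1.123.15", "wf-dev": "2.4.5", "wf-lab": "2.3.4", "wf-old": "0.236.0"}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```

Because the CVE-2026-1470 fix version is the higher one on both release lines, any host that passes that check also passes the CVE-2026-0863 check.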
This article was originally published on BeyondMachines