DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-0863: Snake in the Sandbox: Breaking n8n with Python 3.10 Internals

#security #cve #cybersecurity

Snake in the Sandbox: Breaking n8n with Python 3.10 Internals

Vulnerability ID: CVE-2026-0863
CVSS Score: 8.5
Published: 2026-01-18

A sophisticated sandbox escape in n8n's Python task executor leverages a Python 3.10 error-handling feature to bypass static analysis. By intentionally triggering exceptions inside formatted strings, attackers can access restricted internal objects via the 'obj' attribute of the exception, eventually leading to full Remote Code Execution (RCE).

TL;DR

The n8n Python sandbox tries to block bad words like os or __traceback__. However, Python 3.10 introduced a "helpful" feature where AttributeError objects carry a reference to the object that caused the error in their .obj attribute. Attackers can abuse this to launder forbidden objects through an exception handler, bypass the denylist, and execute arbitrary system commands.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-95 (Eval Injection)
  • Attack Vector: Network (Authenticated)
  • CVSS v3.1: 8.5 (High)
  • Impact: Confidentiality, Integrity, Availability
  • Exploit Status: Functional PoC Available
  • EPSS Score: 0.07% (Low Probability)

Affected Systems

  • n8n workflow automation tool (Self-hosted)
  • n8n Cloud (Fixed by vendor)
  • n8n python-task-executor component
  • n8n: < 1.123.14 (Fixed in: 1.123.14)
  • n8n: 2.0.0 - 2.3.4 (Fixed in: 2.3.5)
  • n8n: 2.4.0 - 2.4.1 (Fixed in: 2.4.2)

Code Analysis

Commit: b73a428

fix(core): disallow access to obj attribute in python sandbox

packages/@n8n/task-runner-python/src/constants.py
+    "obj",
Enter fullscreen mode Exit fullscreen mode

Exploit Details

Mitigation Strategies

  • Update n8n to the latest patched version.
  • Switch execution mode from 'Internal' to 'External' (Worker mode).
  • Restrict network access for the n8n host/container to prevent reverse shells.

Remediation Steps:

  1. Identify current n8n version via Settings > About.
  2. Pull the latest Docker image: docker pull n8nio/n8n:latest.
  3. Restart the n8n container.
  4. Verify the fix by attempting to run the PoC script in a Code Node; it should fail with a security violation.

References

Read the full report for CVE-2026-0863 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)