DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-JWM3-QCFW-C5PP: GHSA-jwm3-qcfw-c5pp: Security Bypass in n8n Python Code Node AST Validator

#security #cve #cybersecurity #ghsa

GHSA-jwm3-qcfw-c5pp: Security Bypass in n8n Python Code Node AST Validator

Vulnerability ID: GHSA-JWM3-QCFW-C5PP
CVSS Score: 5.1
Published: 2026-06-16

An authenticated security-bypass vulnerability in n8n allows users with workflow creation or modification privileges to bypass the Python AST security validator. By circumventing AST validation logic, attackers can execute arbitrary statements, access the task executor's root module namespace, and disclose sensitive host environment variables on self-hosted instances.

TL;DR

Authenticated users can bypass n8n's Python Code Node AST validator, escaping the execution sandbox to access host environment variables and process namespaces.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-184 / CWE-265
  • Attack Vector: Network (Low Privileges)
  • CVSS Score: 5.1 (Medium)
  • EPSS Score: N/A (No CVE Assigned)
  • Impact: Information Disclosure / Sandbox Escape
  • Exploit Status: Proof-of-Concept
  • KEV Status: Not Listed

Affected Systems

  • n8n (npm package)
  • n8n self-hosted environments
  • n8n: < 2.25.7 (Fixed in: 2.25.7)
  • n8n: >= 2.26.0, < 2.26.2 (Fixed in: 2.26.2)

Mitigation Strategies

  • Upgrade n8n to patched versions (2.25.7 or 2.26.2+)
  • Exclude the Code node globally using NODES_EXCLUDE environment variable
  • Restrict workflow editing permissions to trusted administrator roles only
  • Disable the Python Task Runner execution option entirely if unused

Remediation Steps:

  1. Check the currently deployed n8n version via the administration panel or container environment.
  2. Update the n8n container image or npm package to 2.25.7 or 2.26.2 depending on your current branch releases.
  3. Configure your system environment files to include NODES_EXCLUDE=["n8n-nodes-base.code"] if an immediate upgrade is not possible.
  4. Verify that the Python Code node sandbox is updated and that dynamic getattr payloads fail to execute successfully.

References

Read the full report for GHSA-JWM3-QCFW-C5PP on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)