Jan 2, 2026
n8n versions prior to 2.0.0 implemented a Python 'Code Node' using Pyodide (Python in WebAssembly). Due to improper isolation, the Python environment retained access to the host Node.js runtime. Attackers with workflow-editing permissions can bridge this gap to execute system commands, effectively compromising the entire host and any secrets stored within n8n.
A critical sandbox bypass in the n8n workflow automation platform allows authenticated users to escape the Pyodide environment and execute arbitrary code on the host server. Rated CVSS 9.9, this vulnerability turns a standard workflow tool into a remote command execution terminal.
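As an added defender-side example (not the advisory's or n8n's own code), the following Python triage script checks a reported n8n version against the 2.0.0 fix and inventories exported workflow JSON for Python Code nodes, so an operator knows which workflows to review or disable before upgrading. The node type string `n8n-nodes-base.code`, the `parameters.language` key, the `pythonCode` parameter and the sample export are assumptions I constructed; confirm them against your own workflow exports.

```python
import json

# Fixed release named in the advisory; everything older is affected.
FIXED_VERSION = (2, 0, 0)


def parse_version(v):
    """Parse 'v1.72.1', '1.72.1' or '2.0.0-beta.3' into a comparable tuple.

    Returns (major, minor, patch, final) where final is 0 for a prerelease
    and 1 for a final release, so '2.0.0-beta.3' sorts below '2.0.0'.
    """
    core, sep, _pre = v.strip().lstrip("v").split("+", 1)[0].partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised n8n version string: {v!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch, 0 if sep else 1)


def is_affected(version):
    """True when the running n8n release is older than the fixed 2.0.0."""
    return parse_version(version) < FIXED_VERSION + (1,)


def find_python_code_nodes(workflow):
    """Return the names of Code nodes in an exported workflow that run Python.

    Assumed export layout: a top-level 'nodes' list whose Code nodes have
    type 'n8n-nodes-base.code' and 'parameters.language' set to 'python'
    (JavaScript nodes are assumed to omit the key). Adjust if yours differs.
    """
    hits = []
    for node in workflow.get("nodes", []):
        if node.get("type") != "n8n-nodes-base.code":
            continue
        lang = str(node.get("parameters", {}).get("language", "javaScript"))
        if lang.lower().startswith("python"):
            hits.append(node.get("name", "<unnamed>"))
    return hits


def triage(version, workflows):
    """Combine the version check with the workflow inventory.

    Findings are only reported for an affected release; each entry names a
    workflow and the Python Code node inside it that needs review.
    """
    if not is_affected(version):
        return []
    findings = []
    for wf in workflows:
        for node_name in find_python_code_nodes(wf):
            findings.append({"workflow": wf.get("name", "<unnamed>"), "node": node_name})
    return findings


# Constructed sample export (not a real workflow): one JS node, one Python node.
SAMPLE_WORKFLOW = json.loads("""
{
  "name": "Nightly report",
  "nodes": [
    {"name": "Schedule", "type": "n8n-nodes-base.scheduleTrigger", "parameters": {}},
    {"name": "Clean up (JS)", "type": "n8n-nodes-base.code",
     "parameters": {"jsCode": "return $input.all();"}},
    {"name": "Transform (Python)", "type": "n8n-nodes-base.code",
     "parameters": {"language": "python", "pythonCode": "return _input.all()"}}
  ]
}
""")

if __name__ == "__main__":
    # Constructed version string for the demonstration.
    for finding in triage("1.72.1", [SAMPLE_WORKFLOW]):
        print(f"review: workflow {finding['workflow']!r}, node {finding['node']!r}")
```

Point the script at the JSON produced by exporting each workflow (or by the workflows REST endpoint) and at the version your instance reports; an empty result on a release at or above 2.0.0 is expected, while any finding on an older release is a workflow to lock down until the upgrade lands.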
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

| Product | Affected Versions | Fixed Version |
|---|---|---|
| n8n | < 2.0.0 | 2.0.0 |

| Attribute | Detail |
|---|---|
| CWE ID | CWE-693 (Protection Mechanism Failure) |
| Attack Vector | Network (Authenticated) |
| CVSS | 9.9 (Critical) |
| Impact | Remote Command Execution (RCE) |
| Vulnerable Component | Python Code Node (Pyodide) |
| Exploit Status | Trivial for Authenticated Users |
Protection Mechanism Failure