CVE-2025-68668

n8n Sandbox Escape: When Python Breaks the Wasm Wall

Alon Barad
Software Engineer

Jan 2, 2026 · 6 min read

Executive Summary (TL;DR)

n8n versions prior to 2.0.0 implemented a Python 'Code Node' using Pyodide (Python in WebAssembly). Due to improper isolation, the Python environment retained access to the host Node.js runtime. Attackers with workflow-editing permissions can bridge this gap to execute system commands, effectively compromising the entire host and any secrets stored within n8n.

A critical sandbox bypass in the n8n workflow automation platform allows authenticated users to escape the Pyodide environment and execute arbitrary code on the host server. Rated CVSS 9.9, this vulnerability turns a standard workflow tool into a remote command execution terminal.
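As an added defender-side example (not code from the advisory or the n8n project): a small triage script that tells you whether an n8n version falls below the fixed release and lists the Python Code nodes in an exported workflow, marking any that reach into the host through Pyodide's JS bridge as higher severity. The workflow JSON field names and the sample workflow are assumptions constructed for the example.

```python
import json
import re

FIXED_VERSION = (2, 0, 0)  # first release with the fix, per the advisory

# Constructed sample: a minimal n8n workflow export with two Code nodes.
# Field names (type "n8n-nodes-base.code", parameters.language/pythonCode)
# are assumed from n8n's workflow JSON format, not taken from the advisory.
SAMPLE_WORKFLOW = json.dumps({
    "name": "nightly-sync",
    "nodes": [
        {"name": "Transform", "type": "n8n-nodes-base.code",
         "parameters": {"language": "javaScript", "jsCode": "return $input.all();"}},
        {"name": "Summarise", "type": "n8n-nodes-base.code",
         "parameters": {"language": "python",
                        "pythonCode": "import js\nreturn _input.all()"}},
    ],
})

# Heuristic markers for Python code that crosses into the JS/Node host via Pyodide.
BRIDGE_PATTERN = re.compile(
    r"^\s*(?:import\s+js\b|from\s+js\s+import|import\s+pyodide\b)", re.M)

def parse_version(v: str) -> tuple:
    """Turn '1.64.3' into (1, 64, 3); any pre-release suffix is ignored."""
    return tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", v).groups())

def is_affected(version: str) -> bool:
    """True for any n8n release before the 2.0.0 fix named in the advisory."""
    return parse_version(version) < FIXED_VERSION

def audit_workflow(workflow_json: str) -> list:
    """One finding per Python Code node; bridge usage raises the severity."""
    findings = []
    for node in json.loads(workflow_json).get("nodes", []):
        params = node.get("parameters", {})
        if node.get("type") != "n8n-nodes-base.code" or params.get("language") != "python":
            continue
        severity = "high" if BRIDGE_PATTERN.search(params.get("pythonCode", "")) else "review"
        findings.append({"node": node.get("name"), "severity": severity})
    return findings

if __name__ == "__main__":
    print("affected:", is_affected("1.64.3"))
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

On an affected instance every Python Code node deserves review, since workflow-edit rights alone are enough to reach the host; the bridge heuristic only prioritises the queue.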

Technical Appendix

CVSS Score: 9.9 / 10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS Probability: 0.10% (Top 100% most exploited)
Instances via Shodan: 5,000

Affected Systems

n8n workflow automation platform (versions < 2.0.0)

Affected Versions Detail

Product: n8n
Affected Versions: < 2.0.0
Fixed Version: 2.0.0
CWE ID: CWE-693 (Protection Mechanism Failure)
Attack Vector: Network (Authenticated)
CVSS: 9.9 (Critical)
Impact: Remote Command Execution (RCE)
Vulnerable Component: Python Code Node (Pyodide)
Exploit Status: Trivial for Authenticated Users

Vulnerability Timeline

2025-01-15: Vulnerability disclosed
2025-01-20: n8n v2.0.0 released with fix
