CVE-2026-49444

Summary

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.

Affected Software

VendorProductVersion RangeStatus
n8n-ion8n< 1.123.48affected
n8n-ion8n>= 2.0.0-rc.0, < 2.21.8affected
n8n-ion8n>= 2.22.0, < 2.22.4affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References