A critical vulnerability has been discovered in n8n, an open-source automation and workflow platform, that could allow authenticated users to execute arbitrary commands on vulnerable systems.
The flaw, tracked as CVE-2025-68668, affects all n8n versions from 1.0.0 to 1.999.999 and has a CVSS score of 9.1, indicating severe risk.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-68668 |
| Vulnerability Type | Sandbox Bypass / Arbitrary Command Execution |
| Affected Component | Python Code Node (Pyodide) |
| Severity | Critical |
| CVSS v3.1 Score | 9.1/10 |
Vulnerability Details
The vulnerability exists in n8n's Python Code Node, which relies on Pyodide for sandboxed execution, as reported by security researchers on GitHub.
Researchers discovered that the sandbox protection mechanism can be bypassed by authenticated users with permission to create or modify workflows.
Once exploited, an attacker can execute arbitrary system commands with the same privileges as the n8n process running on the host machine.
The vulnerability requires only low privileges and low attack complexity, making it relatively simple for malicious insiders or users with basic workflow access to exploit.
The flaw impacts the confidentiality, integrity, and availability of affected systems, potentially leading to data theft, system compromise, or service disruption.
The vulnerability impacts n8n versions 1.0.0 through 1.999.999. n8n released version 2.0.0 with a complete fix that replaces the vulnerable Pyodide-based implementation with a more secure task-runner-based native Python environment.
Users on versions 1.104.0 or later can also apply temporary workarounds without upgrading.
Security teams have multiple options to protect their systems immediately. The most straightforward approach is to disable the Code Node entirely by setting the environment variable NODES_EXCLUDE to exclude n8n-nodes-base.code.
Alternatively, organizations can turn off Python support by setting N8N_PYTHON_ENABLED=false, available since version 1.104.0.
For those preferring a more granular approach, n8n offers a task-runner-based Python sandbox that can be enabled via N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. This provides better isolation without removing functionality entirely.
Organizations running n8n should prioritize upgrading to version 2.0.0 immediately. If immediate upgrades are not feasible, implement one of the workarounds above based on your operational requirements.
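As an added example (not from the advisory and not n8n's own tooling), a POSIX shell helper that classifies a deployment's exposure from its version and the workaround variables named above, including the 1.104.0 floor for N8N_PYTHON_ENABLED. That the runner variables take the value `true` and that NODES_EXCLUDE is checked by substring for `n8n-nodes-base.code` are assumptions.

```shell
#!/bin/sh
# Audit helper for CVE-2025-68668 (added example, not part of n8n).
# Classifies an n8n deployment as: patched | unaffected | mitigated:<reason> | vulnerable
# Assumptions: runner variables are "true"/"false"; NODES_EXCLUDE is matched by substring.

# ver_ge A B -> exit 0 when dotted version A >= B (e.g. 1.104.0 >= 1.99.0)
ver_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# usage: n8n_cve_2025_68668_status VERSION [NODES_EXCLUDE] [N8N_PYTHON_ENABLED] \
#                                  [N8N_RUNNERS_ENABLED] [N8N_NATIVE_PYTHON_RUNNER]
n8n_cve_2025_68668_status() {
  version=$1
  nodes_exclude=${2:-}
  python_enabled=$(lc "${3:-}")
  runners=$(lc "${4:-}")
  native=$(lc "${5:-}")
  # 2.0.0 replaced the Pyodide implementation; anything below 1.0.0 is outside the affected range
  if ver_ge "$version" 2.0.0; then echo patched; return 0; fi
  if ! ver_ge "$version" 1.0.0; then echo unaffected; return 0; fi
  # Workaround 1: Code Node removed entirely via NODES_EXCLUDE
  case $nodes_exclude in *n8n-nodes-base.code*) echo mitigated:code-node-excluded; return 0;; esac
  # Workaround 2: Python support switched off; the switch only exists from 1.104.0
  if [ "$python_enabled" = false ] && ver_ge "$version" 1.104.0; then
    echo mitigated:python-disabled; return 0
  fi
  # Workaround 3: task-runner-based native Python sandbox instead of Pyodide
  if [ "$runners" = true ] && [ "$native" = true ]; then
    echo mitigated:native-python-runner; return 0
  fi
  echo vulnerable
  return 0
}
```

Feed it the values from a running instance (for example `docker inspect` output or the process environment) to get a one-word status per host.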
