A newly disclosed security flaw in n8n lets authenticated users execute arbitrary operating system commands on the server that hosts the platform. The vulnerability, tracked as CVE‑2025‑68668, carries a CVSS score of 9.9, placing it in the critical severity category, and it affects every 1.x release of n8n, a range that covers most deployments currently in service.
n8n is widely used to automate workflows and integrate applications, services, and scripts. Because the platform often handles sensitive data and credentials, security weaknesses within the system can pose serious risks.
Sandbox Bypass in Python Code Node
The vulnerability impacts all versions from 1.0.0 up to, but not including, 2.0.0. According to the advisory, any authenticated user with permission to create or modify workflows can exploit the flaw to run operating system commands on the server hosting n8n; no administrator role is required, only the ability to author a workflow. The issue is classified as a protection mechanism failure.
The vulnerability stems from a sandbox escape in the Python Code Node, which relies on Pyodide to execute Python code. As the advisory describes:
“A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process.”
Although attackers do not gain privileges beyond those of the n8n service, the n8n process itself can read the workflow definitions and integration credentials the platform stores, so the ability to run system commands still creates opportunities for data access, lateral movement, or deeper compromise depending on how the deployment is configured.
The issue was published under GHSA‑62r4‑hw23‑cc8v, with credit given to security researcher csuermann. The affected package is the n8n npm package, and the vulnerability remained present until the release of version 2.0.0, where it was fully resolved.
Patch Details and Security Enhancements
The fix for CVE‑2025‑68668 is included in n8n version 2.0.0, which is now the official patched release. However, the project began strengthening security earlier. Version 1.111.0 introduced an optional task‑runner–based native Python execution model, designed to provide better isolation than the Pyodide‑based sandbox used in the Code Node.
Admins running 1.111.0 or later can opt in to this more isolated execution path by setting both of the following environment variables:
- N8N_RUNNERS_ENABLED
- N8N_NATIVE_PYTHON_RUNNER
Starting with version 2.0.0, this task‑runner–based Python environment is enabled by default, eliminating the sandbox bypass that made the vulnerability exploitable. This represents a significant architectural change intended to reduce the risks associated with executing Python inside workflows.
Mitigations, Workarounds, and Context
For organizations unable to upgrade immediately, n8n provides several interim mitigations:
- Disable the Code Node entirely by setting NODES_EXCLUDE=["n8n-nodes-base.code"]
- Disable Python support within the Code Node by setting N8N_PYTHON_ENABLED=false (available since version 1.104.0)
- Enable the task‑runner–based Python sandbox by setting N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER (available since version 1.111.0)
The first two options remove Python from the Code Node and will break any workflow that depends on it; the third keeps Python available while moving it out of the Pyodide sandbox. Whichever option is chosen, the flag must be present in the environment of every n8n instance, including task runners and worker processes in queue‑mode deployments.
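The version thresholds and environment variables listed above (the opt-in variables under Patch Details and the three mitigations here) combine into a small decision procedure that an administrator can run against each instance. The script below is an added example, not code from the advisory or the n8n project. It takes the version and the five variables as arguments and reports one state per deployment; the version cut-offs (1.0.0, 1.104.0, 1.111.0, 2.0.0) come from the advisory as quoted in this article, while the values "true" and "false" for the flags are assumptions, since the advisory text above names the variables without giving their values. Unknown or non-numeric version strings are treated as exposed so the check fails closed.

```shell
#!/bin/sh
# Added example (not from the advisory or the n8n project): classify an n8n
# deployment's exposure to CVE-2025-68668 from its version and the
# environment variables named in the advisory.
# Assumption: the mitigating flags take the literal values "true"/"false";
# the article only names the variables.

# version_ge A B: succeed when dotted numeric version A >= B. Compares up to
# three fields; ".0.0" is appended so short versions such as "2" read as 2.0.0.
version_ge() {
  a="$1.0.0"; b="$2.0.0"; i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# n8n_python_state VERSION N8N_RUNNERS_ENABLED N8N_NATIVE_PYTHON_RUNNER \
#                  N8N_PYTHON_ENABLED NODES_EXCLUDE
# Prints one word and returns 0 only when the Pyodide-backed Python Code
# Node is still reachable by workflow editors, i.e. the instance is exposed.
n8n_python_state() {
  ver="$1"; runners="$2"; native="$3"; python="$4"; exclude="$5"
  case "$ver" in
    ""|*[!0-9.]*) echo unknown-version; return 0 ;;  # fail closed
  esac
  if version_ge "$ver" 2.0.0; then
    echo patched; return 1          # native runner is the default from 2.0.0
  elif ! version_ge "$ver" 1.0.0; then
    echo outside-range; return 1    # advisory range is 1.0.0 <= v < 2.0.0
  fi
  case "$exclude" in
    *n8n-nodes-base.code*) echo code-node-excluded; return 1 ;;
  esac
  # N8N_PYTHON_ENABLED=false only exists from 1.104.0; on older builds the
  # flag is ignored and the sandbox stays reachable.
  if [ "$python" = false ] && version_ge "$ver" 1.104.0; then
    echo python-disabled; return 1
  fi
  # The task-runner sandbox needs both flags and a build of 1.111.0 or later.
  if [ "$runners" = true ] && [ "$native" = true ] && version_ge "$ver" 1.111.0; then
    echo native-runner; return 1
  fi
  echo exposed; return 0
}

# Constructed demo values (not from a real deployment). To audit a live
# instance, pass its version and the values from its environment instead.
show() {
  s=$(n8n_python_state "$@") || true
  echo "n8n $1 runners=$2 native=$3 python=$4 exclude=$5 -> $s"
}
show 1.110.0 "" "" "" ""                        # exposed
show 1.110.0 true true "" ""                    # exposed: runner flags predate 1.111.0
show 1.111.0 true true "" ""                    # native-runner
show 1.103.0 "" "" false ""                     # exposed: flag predates 1.104.0
show 1.50.0 "" "" "" '["n8n-nodes-base.code"]'  # code-node-excluded
show 2.0.0 "" "" "" ""                          # patched
```

The two "exposed" cases with flags set are the ones worth watching for in practice: copying a mitigation from the advisory onto an instance older than the release that introduced it changes nothing, which is why the check compares the version before crediting a flag.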
This disclosure follows another critical n8n vulnerability, CVE‑2025‑68613, which also carried a CVSS score of 9.9 and allowed arbitrary code execution under certain conditions.