{"data":{"id":"3dac36c6-0108-4cfe-a7d5-498a8fb09964","title":"GHSA-44v6-jhgm-p3m4: n8n has a Python Task Runner Sandbox Escape Vulnerability","summary":"n8n (a workflow automation tool) has a vulnerability where authenticated users who can create or modify workflows can escape the sandbox (an isolated environment meant to restrict code execution) and run arbitrary code on the task runner container, but only if the Python Task Runner feature is enabled.","solution":"The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later. As temporary workarounds if upgrading is not immediately possible, administrators can limit workflow creation and editing permissions to fully trusted users only, or disable the Python Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable, or disable the Python Task Runner entirely. However, the source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-44v6-jhgm-p3m4","publishedAt":"2026-04-29T21:21:50.000Z","cveId":"CVE-2026-42234","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.17.0, < 2.17.4 (fixed: 2.17.4)","n8n@>= 2.18.0, < 2.18.1 (fixed: 2.18.1)","n8n@< 1.123.32 (fixed: 1.123.32)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-29T21:21:50.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}