{"data":{"id":"6116b75c-12e8-49b5-8395-466e4524abda","title":"GHSA-jjpj-p2wh-qf23: n8n has a Sandbox Escape in its JavaScript Task Runner","summary":"n8n, a workflow automation tool, has a sandbox escape vulnerability in its JavaScript Task Runner that lets authenticated users run code outside the sandbox (a restricted environment for running untrusted code). On default setups, this could give attackers full control of the n8n server, while on systems using external task runners, attackers could impact other workflows.","solution":"Upgrade to n8n version 2.10.1, 2.9.3, or 1.123.22 or later. If immediate upgrade is not possible, temporarily limit workflow creation and editing permissions to trusted users only, or use external runner mode by setting N8N_RUNNERS_MODE=external to reduce potential damage.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-jjpj-p2wh-qf23","publishedAt":"2026-02-25T21:23:15.000Z","cveId":"CVE-2026-27495","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.10.0, < 2.10.1 (fixed: 2.10.1)","n8n@>= 2.0.0, < 2.9.3 (fixed: 2.9.3)","n8n@< 1.123.22 (fixed: 1.123.22)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00078,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}