GHSA-9pq8-m8gp-4p53: n8n: Python sandbox escape
Summary
An authenticated user with permission to create or modify workflows in n8n could escape the Python sandbox (a restricted environment meant to safely run untrusted code) and execute arbitrary code on the task runner container. This vulnerability only affects instances where the Python Task Runner feature is enabled.
Solution / Mitigation
The issue has been fixed in n8n versions 1.123.48, 2.21.8, and 2.22.4. Users should upgrade to one of these versions or later. As temporary workarounds while upgrading: limit workflow creation and editing permissions to fully trusted users only, or disable the Python Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable, or disable the Python Task Runner entirely. The source notes these workarounds do not fully remediate the risk and should only be short-term measures.
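The check below is an added example, not code from the advisory or from n8n. It classifies an instance against the fixed versions and the `NODES_EXCLUDE` workaround named above. It assumes each fix covers its own major.minor release line (so 2.22.1 is not treated as patched just because it is newer than 2.21.8), and it takes the Python Task Runner state as a caller-supplied flag. The function names and the sample inventory are constructed for illustration.

```python
import json
import re

# Fixed releases and the node type name come from the advisory text above.
FIXED = [(1, 123, 48), (2, 21, 8), (2, 22, 4)]
CODE_NODE = "n8n-nodes-base.code"


def parse_version(text):
    """Parse a plain X.Y.Z release; pre-release tags are rejected, not guessed."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_patched(version):
    """Assumption (affected ranges are not listed above): each fix covers its
    own major.minor line, and anything at or above the newest fix is patched.
    Everything else is reported as not patched, which is the cautious reading."""
    v = parse_version(version)
    if v >= max(FIXED):
        return True
    return any(v[:2] == f[:2] and v >= f for f in FIXED)


def code_node_excluded(nodes_exclude):
    """n8n reads NODES_EXCLUDE as a JSON array of node type names."""
    try:
        names = json.loads(nodes_exclude or "[]")
    except json.JSONDecodeError:
        return False  # malformed value: do not count the workaround as applied
    return isinstance(names, list) and CODE_NODE in names


def assess(version, env, python_runner_enabled):
    """Return 'patched', 'workaround-only' or 'exposed' for one instance.
    python_runner_enabled is supplied by the caller (hypothetical parameter)."""
    if is_patched(version):
        return "patched"
    if not python_runner_enabled or code_node_excluded(env.get("NODES_EXCLUDE")):
        return "workaround-only"
    return "exposed"


if __name__ == "__main__":
    # Constructed inventory: (version, environment, Python Task Runner enabled)
    for ver, env, runner in [("2.22.1", {}, True), ("2.21.9", {}, True),
                             ("1.123.47", {"NODES_EXCLUDE": '["n8n-nodes-base.code"]'}, True)]:
        print(ver, assess(ver, env, runner))
```

A result of `workaround-only` still calls for an upgrade, since the workarounds are described above as short-term measures.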
Vulnerability Details
EPSS: 0.0%
Yes
June 16, 2026
Original source: https://github.com/advisories/GHSA-9pq8-m8gp-4p53
First tracked: June 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%