GHSA-44v6-jhgm-p3m4: n8n has a Python Task Runner Sandbox Escape Vulnerability
Summary
n8n (a workflow automation tool) has a vulnerability where authenticated users who can create or modify workflows can escape the sandbox (an isolated environment meant to restrict code execution) and run arbitrary code on the task runner container, but only if the Python Task Runner feature is enabled.
Solution / Mitigation
The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later. As temporary workarounds if upgrading is not immediately possible, administrators can limit workflow creation and editing permissions to fully trusted users only, or disable the Python Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable, or disable the Python Task Runner entirely. However, the source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.
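A triage helper for the fixed versions and workarounds listed above, as an added example that is not taken from the advisory or from n8n. It assumes each fixed release covers its own release line (1.x, 2.17.x, 2.18.x and later), that `NODES_EXCLUDE` holds a JSON array of node type names, and that the caller already knows whether the Python Task Runner is enabled; the function names are hypothetical.

```python
import json

# Fixed releases named in the advisory, one per release line.
FIXED_1X = (1, 123, 32)
FIXED_2_17 = (2, 17, 4)
FIXED_2_18 = (2, 18, 1)
CODE_NODE = "n8n-nodes-base.code"


def parse_version(text):
    """Turn '2.17.3' or 'v2.17.3' into (2, 17, 3)."""
    parts = tuple(int(p) for p in text.strip().lstrip("v").split("."))
    if len(parts) != 3:
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {text!r}")
    return parts


def is_patched(version):
    """True if the version is at or above the fix for its release line."""
    v = parse_version(version)
    if v[0] == 1:
        return v >= FIXED_1X
    if v[:2] == (2, 17):
        return v >= FIXED_2_17
    # Assumption: every other release line needs 2.18.1 or later.
    return v >= FIXED_2_18


def code_node_excluded(nodes_exclude):
    """True if the NODES_EXCLUDE value lists the Code node."""
    try:
        names = json.loads(nodes_exclude or "[]")
    except json.JSONDecodeError:
        return False  # unparseable value: do not count it as a workaround
    return isinstance(names, list) and CODE_NODE in names


def triage(version, python_runner_enabled, nodes_exclude=""):
    """Classify one instance; workarounds never count as a fix."""
    if is_patched(version):
        return "patched"
    if not python_runner_enabled or code_node_excluded(nodes_exclude):
        return "upgrade required (workaround in place)"
    return "upgrade required (exposed)"
```

An unpatched instance with a workaround still reports "upgrade required", matching the advisory's statement that the workarounds are short-term measures only.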
Vulnerability Details
EPSS: 0.0%
Yes
April 29, 2026
Original source: https://github.com/advisories/GHSA-44v6-jhgm-p3m4
First tracked: April 29, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%