Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-27494

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-25 Feb, 2026 | 22:08
Updated At-26 Feb, 2026 | 20:28
Rejected At-
Credits

n8n has Arbitrary File Read via Python Code Node Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only., and/or disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:25 Feb, 2026 | 22:08
Updated At:26 Feb, 2026 | 20:28
Rejected At:
▼CVE Numbering Authority (CNA)
n8n has Arbitrary File Read via Python Code Node Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only., and/or disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Affected Products
Vendor
n8n-io
Product
n8n
Versions
Affected
  • < 1.123.22
  • >= 2.0.0, < 2.9.3
  • >= 2.10.0, < 2.10.1
Problem Types
TypeCWE IDDescription
CWECWE-497CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Type: CWE
CWE ID: CWE-497
Description: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h
x_refsource_CONFIRM
https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
x_refsource_MISC
https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
x_refsource_MISC
https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
x_refsource_MISC
Hyperlink: https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
Resource:
x_refsource_MISC
Hyperlink: https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:25 Feb, 2026 | 23:16
Updated At:27 Feb, 2026 | 14:06

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only., and/or disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-497Primarysecurity-advisories@github.com
CWE ID: CWE-497
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22security-advisories@github.com
N/A
https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1security-advisories@github.com
N/A
https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3security-advisories@github.com
N/A
https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83hsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2024-13995
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-1.42% / 80.34%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 21:29
Updated-17 Nov, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI < 2024R1.1.2 API Keys & Hashed Passwords Authenticated Information Disclosure

Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiXI
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-34283
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-1.10% / 77.71%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 21:29
Updated-17 Nov, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiXI
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Details not found