
N8n Python Code Node sandbox bypass (CVE-2025-68668)

Vulnerability · Happening score 49 · 2 unique sources, 3 articles

Summary

CVE-2025-68668 is a critical (CVSS 9.9) sandbox bypass in n8n's Python Code Node, which runs user-supplied Python in Pyodide. An authenticated user who can create or modify workflows can escape the sandbox and run operating-system commands on the host with the privileges of the n8n process. Versions 1.0.0 up to, but not including, 2.0.0 are affected; the fix is in 2.0.0 (details in the Timeline below).

Separately, n8n disclosed CVE-2026-21858 (“Ni8mare”), a CVSS 10.0 vulnerability in form-based workflows that can let remote unauthenticated attackers access files on affected servers and expose enterprise secrets. Cyera said the issue can affect up to 100,000 servers, and n8n urged users to upgrade to 1.121.0 or later because there are no official workarounds. That flaw was reported on November 9 and fixed nine days later.

Related Happenings

N8n actively exploited remote code execution vulnerability (CVE-2025-68613)

Vulnerability
First: 11.03.2026 20:21 Last: 11.03.2026 20:21 Sources 1

About this happening: An **actively exploited** **n8n** remote code execution flaw, **CVE-2025-68613**, lets authenticated attackers run arbitrary code on vulnerable servers and can lead to full compro...

Latest development: 12.03.2026 07:18

CISA adds CVE-2025-68613, an n8n expression-injection flaw with CVSS 9.9 that can lead to remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; CISA says it is the first n8n vulnerability placed in KEV.

N8n sandbox escape flaws (multiple vulnerabilities)

Vulnerability
First: 04.02.2026 15:00 Last: 04.02.2026 15:00 Sources 1

About this happening: Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...

Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)

Advisory/Mitigation
First: 03.02.2026 18:15 Last: 03.02.2026 18:15 Sources 1

About this happening: **Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...

N8n eval injection sandbox bypass flaws (multiple vulnerabilities)

Vulnerability
First: 28.01.2026 14:43 Last: 28.01.2026 14:43 Sources 1

About this happening: Two **n8n** eval-injection flaws, **CVE-2026-1470** and **CVE-2026-0863**, now expose susceptible instances to **authenticated remote code execution** and **arbitrary Python code...

Grist-Core Cellbreak sandbox escape (CVE-2026-24002)

Vulnerability
First: 27.01.2026 12:36 Last: 27.01.2026 12:36 Sources 1

About this happening: A **critical** **Grist-Core** vulnerability, **CVE-2026-24002** (**Cellbreak**), can let **malicious spreadsheet formulas** trigger **remote code execution** on self-hosted instan...

Timeline

  1. 06.01.2026 07:08 · 4 articles

    n8n discloses CVE-2025-68668 Python Code Node sandbox bypass

    Initial Disclosure

    n8n disclosed CVE-2025-68668, a critical (CVSS 9.9) sandbox bypass in the Python Code Node, which runs user-supplied Python in Pyodide. An authenticated user with permission to create or modify workflows can escape the sandbox and execute arbitrary operating-system commands on the host running n8n, with the same privileges as the n8n process; since the only prerequisite is workflow-edit access, every workflow author on an unpatched instance can reach the host. The issue affects n8n versions 1.0.0 up to, but not including, 2.0.0, and is fixed in 2.0.0. Where upgrading is not immediately possible, it can be mitigated by disabling the Code Node, disabling Python support, or enabling the task-runner-based Python sandbox through N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER.
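    The version range and mitigation conditions above can be turned into a quick deployment check. The following POSIX shell script is an added example, not tooling from n8n or from the advisory: it classifies an instance as not-affected, mitigated or exposed from its version string and the relevant environment values. The two task-runner variables are the ones the disclosure names; treating N8N_PYTHON_ENABLED=false as "Python support disabled" and a NODES_EXCLUDE value containing n8n-nodes-base.code as "Code Node disabled" is an assumption made here, as are the function names and the sample inputs, which are constructed rather than taken from real deployments.

```shell
#!/bin/sh
# Added example (not n8n's code): classify an n8n instance against CVE-2025-68668
# using the advisory's conditions: affected when 1.0.0 <= version < 2.0.0, unless
# the Code Node is disabled, Python support is disabled, or the task-runner Python
# sandbox is enabled (the disclosure names both N8N_RUNNERS_ENABLED and
# N8N_NATIVE_PYTHON_RUNNER, so both are required here).
# ASSUMPTIONS: N8N_PYTHON_ENABLED=false is taken as "Python disabled", and a
# NODES_EXCLUDE value containing n8n-nodes-base.code as "Code Node disabled".

# ver_key VERSION -> zero-padded major/minor/patch key that compares numerically,
# e.g. 1.50.3 -> 000010005000003 (leading "v" stripped; missing fields read as 0)
ver_key() {
  v="${1#v}.0.0"
  maj=${v%%.*}; v=${v#*.}
  min=${v%%.*}; v=${v#*.}
  pat=${v%%.*}
  printf '%05d%05d%05d' "$maj" "$min" "$pat"
}

# ver_lt A B -> succeeds if A < B
ver_lt() {
  [ "$(ver_key "$1")" -lt "$(ver_key "$2")" ]
}

# in_affected_range VERSION -> succeeds if 1.0.0 <= VERSION < 2.0.0
in_affected_range() {
  ! ver_lt "$1" 1.0.0 && ver_lt "$1" 2.0.0
}

# assess VERSION RUNNERS_ENABLED NATIVE_PYTHON_RUNNER PYTHON_ENABLED NODES_EXCLUDE
# Prints one of: not-affected | unknown-version | mitigated:<how> | exposed
# Exit status is 1 only for "exposed", so the call can gate a deployment check.
assess() {
  ver=${1#v}
  runners=${2:-}; native=${3:-}; py_enabled=${4:-}; nodes_exclude=${5:-}
  case "$ver" in
    ""|*[!0-9.]*) echo "unknown-version"; return 0 ;;
  esac
  if ! in_affected_range "$ver"; then
    echo "not-affected"; return 0
  fi
  if [ "$runners" = "true" ] && [ "$native" = "true" ]; then
    echo "mitigated:task-runner-python-sandbox"; return 0
  fi
  if [ "$py_enabled" = "false" ]; then
    echo "mitigated:python-disabled"; return 0
  fi
  case "$nodes_exclude" in
    *n8n-nodes-base.code*) echo "mitigated:code-node-disabled"; return 0 ;;
  esac
  echo "exposed"; return 1
}

# Constructed sample inputs: version|RUNNERS|NATIVE_PYTHON|PYTHON_ENABLED|NODES_EXCLUDE
for sample in \
  "1.50.0||||" \
  "1.99.9|true|true||" \
  "1.50.0|true|||" \
  "1.50.0|||false|" \
  "1.50.0||||[\"n8n-nodes-base.code\"]" \
  "2.0.0||||" \
  "0.236.0||||"
do
  IFS='|' read -r ver runners native py nodes <<EOF
$sample
EOF
  printf '%-8s -> %s\n' "$ver" "$(assess "$ver" "$runners" "$native" "$py" "$nodes")"
done
```

    Enabling runners without the native Python runner is deliberately reported as exposed, because the disclosure lists both variables together; a version with a pre-release suffix is reported as unknown rather than guessed at.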
