CNNVD-202601-2952 Information

CNNVD ID

CNNVD-202601-2952

CVE-2026-0863

  • CNNVD Published: 2026-01-18

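Description (translated from Chinese)

n8n is an extensible workflow automation tool open-sourced by n8n. n8n contains a security vulnerability that stems from the fact that an attacker may use string formatting and exception handling to bypass the python-task-executor sandbox restrictions, which may lead to arbitrary Python code execution and instance takeover.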

Description (English)

n8n is an extensible, open-source workflow automation tool from n8n. It contains a security vulnerability: an attacker may use string formatting and exception handling to bypass the python-task-executor sandbox restrictions, which may lead to arbitrary Python code execution and instance takeover.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

n8n

Published

2026-01-18

Last Modified

2026-02-24

References

  • https://github.com/n8n-io/n8n/commit/b73a4283cb14e0f27ce19692326f362c7bf3da02
  • https://research.jfrog.com/vulnerabilities/n8n-python-runner-sandbox-escape-jfsa-2026-001651077/
  • https://access.redhat.com/security/cve/cve-2026-0863

Patch

https://n8n.io/
