Protection mechanism failure in n8n - CVE-2025-68668

 


Published: January 7, 2026 / Updated: February 9, 2026


Vulnerability identifier: #VU121010
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-68668
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: n8n
Affected software: n8n

Detailed vulnerability description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the Python Code Node, which uses Pyodide. A remote user with permission to create or modify workflows can bypass sandbox restrictions and execute arbitrary commands on the host system with the privileges of the n8n process.


How to mitigate CVE-2025-68668

Install updates from the vendor's website.
