#VU121010 Protection mechanism failure in n8n - CVE-2025-68668

 


Published: January 7, 2026 / Updated: February 9, 2026


Vulnerability identifier: #VU121010
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-68668
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: n8n
Software vendor: n8n

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the Python Code Node, which uses Pyodide. A remote user with permission to create or modify workflows can bypass sandbox restrictions and execute arbitrary commands on the host system with the privileges of the n8n process.


Remediation

Install updates from the vendor's website.
