Code Injection in n8n - #VU127225

 


Published: April 23, 2026


Vulnerability identifier: #VU127225
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: n8n
Affected software:
n8n

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code on the task runner container.

The vulnerability exists due to improper control of code generation in the Python Code Node when creating or modifying workflows containing Python code. A remote user can craft a malicious workflow to execute arbitrary code on the task runner container.

This issue only affects instances where the Python Task Runner is enabled.


Remediation

Install the security update from the vendor's website.
