Protection mechanism failure in n8n - #VU137160
Published: July 8, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to access the host filesystem and network without sandbox restrictions.
The vulnerability exists due to improper sandbox enforcement in the shell tool of the @n8n/computer-use package when executing shell commands on Linux or Windows. A remote user can run shell commands through the computer-use agent to access the host filesystem and network without sandbox restrictions.
Only deployments where the @n8n/computer-use package is explicitly installed and running are vulnerable.