CVSS 8.5 HIGH Vulnerability

CVE-2026-49444: n8n: Python sandbox escape


CVSS Score: 8.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-49444
Vendor: npm
Affected Product: n8n
Vulnerability Type: Vulnerability
CVSS Score: 8.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Impact

An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled.

Patches

The issue has been fixed in n8n versions 1.123.48, 2.21.8, and 2.22.4. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

• Limit workflow creation and editing permissions to fully trusted users only.
• Disable the Python Code node by adding n8n-nodes-base.code to the NODES_EXCLUDE environment variable, or disable the Python Task Runner entirely.
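
The check below is an added example, not code from n8n or from this advisory: it tests a version string against the three fixed releases listed under Patches and checks whether NODES_EXCLUDE carries the Code node workaround. Treating each fixed release as the floor of its own release line is an assumption, the host names and inventory are constructed, and NODES_EXCLUDE is parsed as a JSON array of node type names.

```javascript
// Added example, not n8n code. Assumption: each fixed release is the floor of its release line.
const FIXED = ["1.123.48", "2.21.8", "2.22.4"].map(parse);

function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised version: ${version}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// A plain ">= 1.123.48" test would wrongly pass 2.0.0, so compare per line.
function isPatched(version) {
  const v = parse(version);
  const sameMajor = FIXED.filter((f) => f[0] === v[0]);
  if (sameMajor.length === 0) {
    // Assumption: majors above every listed fix include it, older majors do not.
    return v[0] > Math.max(...FIXED.map((f) => f[0]));
  }
  const sameMinor = sameMajor.find((f) => f[1] === v[1]);
  if (sameMinor) return cmp(v, sameMinor) >= 0;
  const highest = sameMajor.reduce((a, b) => (cmp(a, b) >= 0 ? a : b));
  return cmp(v, highest) > 0; // other minors count only if past the newest fix
}

// NODES_EXCLUDE holds a JSON array of node type names.
function codeNodeExcluded(env) {
  try {
    const list = JSON.parse(env.NODES_EXCLUDE ?? "[]");
    return Array.isArray(list) && list.includes("n8n-nodes-base.code");
  } catch {
    return false; // malformed value: treat the workaround as not applied
  }
}

// "mitigated" means the temporary workaround is in place; the upgrade is still pending.
function assess(version, env) {
  if (isPatched(version)) return "patched";
  return codeNodeExcluded(env) ? "mitigated" : "needs-action";
}
// Constructed inventory (hypothetical hosts), standing in for real deployment data.
const inventory = [
  { host: "n8n-prod", version: "2.21.7", env: { NODES_EXCLUDE: '["n8n-nodes-base.code"]' } },
  { host: "n8n-dev", version: "2.0.0", env: { NODES_EXCLUDE: "n8n-nodes-base.code" } },
  { host: "n8n-old", version: "1.123.48", env: {} },
];
for (const i of inventory) console.log(i.host, i.version, assess(i.version, i.env));
```

The second constructed host shows the failure case worth checking for: a bare node name instead of a JSON array is not counted as the workaround being applied.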
