Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker imag

The impact of CVE-2026-0863 is significant, particularly for n8n deployments using the 'Internal' execution mode. Successful exploitation allows an attacker to execute arbitrary Python code with the privileges of the n8n process. This could enable attackers to gain complete control over the affected server, including data exfiltration, malware installation, and lateral movement within the network. In 'External' mode, the code execution occurs within a sidecar container, limiting the blast radius but still posing a security risk. The ability to bypass the intended sandbox highlights a critical flaw in the task execution mechanism, making it a high-priority vulnerability to address.

Organizations heavily reliant on n8n for workflow automation, particularly those using the Docker deployment method and the 'Internal' execution mode, are at significant risk. Environments with limited network segmentation or inadequate user access controls are also more vulnerable. Shared hosting environments running n8n could expose multiple tenants to the vulnerability.

• docker:

 docker exec <container_id> python -c 'import os; os.system("echo 'test'")'

• linux / server:

 journalctl -u n8n -f | grep -i "python-task-executor"

• generic web:

 curl -I <n8n_instance_url>/api/v1/workflows

• generic web: Inspect n8n access logs for unusual Python execution patterns or error messages related to the python-task-executor.

1. 2026-01-18Disclosure

   disclosure

1. 予約済み2026-01-12
2. 公開日2026-01-18
3. 更新日2026-02-10
4. EPSS 更新日2026-03-23

The primary mitigation for CVE-2026-0863 is to upgrade to a patched version of n8n as soon as it becomes available. Until a patch is released, consider restricting access to the Code block functionality or limiting the permissions of authenticated users. For environments where immediate upgrades are not possible, carefully review and restrict the Python code allowed within the Code block. Implement network segmentation to limit the potential impact of a successful exploit. Monitor n8n logs for suspicious activity, particularly related to Python execution and error handling. After upgrading, confirm the fix by attempting to execute a malicious Python payload within the Code block and verifying that the sandbox restrictions are properly enforced.