A critical vulnerability in n8n (CVE-2025-68668) allows authenticated users to execute arbitrary system commands through a sandbox bypass in the Python Code Node. This flaw affects all versions before 2.0.0 and has been mitigated in recent releases through architectural changes and security enhancements.
Key points
- The vulnerability impacts all n8n versions from 1.0.0 to just before 2.0.0.
- It exploits a sandbox bypass within the Python Code Node that uses Pyodide for code execution.
- Authenticated users with permission to modify workflows can execute arbitrary commands on the server.
- The issue was addressed in n8n version 2.0.0 with architectural changes that better isolate Python code.
- Organizations can mitigate the risk by disabling the Code Node or Python support via environment variables.
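
One way to check an instance against the version range and the environment-variable mitigations listed above, as an added example that is not from the original article or from n8n. The variable names `NODES_EXCLUDE` and `N8N_PYTHON_ENABLED`, and the 1.104.0 cutoff for the latter, come from n8n's advisory rather than this page; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: classify an n8n instance against CVE-2025-68668.
# NODES_EXCLUDE / N8N_PYTHON_ENABLED are named in n8n's advisory, not on this
# page. Pre-release tags (e.g. "-rc.1") are not treated specially.

# Usage: n8n_cve_2025_68668_status VERSION NODES_EXCLUDE N8N_PYTHON_ENABLED
# Prints one of: patched, mitigated-code-node-disabled,
#                mitigated-python-disabled, exposed, unknown-version
n8n_cve_2025_68668_status() {
    version=$1
    nodes_exclude=$2
    python_enabled=$3

    core=${version#v}            # tolerate a leading "v"
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) echo unknown-version; return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac

    # Fixed in 2.0.0; every earlier version is treated as affected.
    if [ "$major" -ge 2 ]; then
        echo patched
        return 0
    fi

    # Mitigation 1: the Code Node is excluded. NODES_EXCLUDE is a JSON array,
    # so match the quoted node name exactly, not a longer name sharing the prefix.
    case "$nodes_exclude" in
        *\"n8n-nodes-base.code\"*)
            echo mitigated-code-node-disabled
            return 0 ;;
    esac

    # Mitigation 2: Python support disabled. Older 1.x builds do not know the
    # variable, so setting it there changes nothing.
    if [ "$python_enabled" = "false" ] && [ "$major" -eq 1 ] && [ "$minor" -ge 104 ]; then
        echo mitigated-python-disabled
        return 0
    fi

    echo exposed
    return 1
}
```

Pass it the running version string and the two variables as seen by the n8n process itself (container or service environment), not by an administrator's login shell.
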
Read More: https://thecyberexpress.com/n8n-vulnerability-cve-2025-68668/