A critical security flaw has been revealed in n8n, affecting versions prior to 2.0.0, allowing authenticated users to execute arbitrary system commands. The vulnerability has been fixed in the latest release, version 2.0.0. #CVE-2025-68668 #n8n
Keypoints
- A critical vulnerability in n8n permits authenticated users to run arbitrary system commands.
- The flaw impacts versions from 1.0.0 to 1.999.9 and is fixed in version 2.0.0.
- The vulnerability involves a sandbox bypass in the Python Code Node using Pyodide.
- n8n has introduced a native Python implementation in version 1.111.0 for better security isolation.
- Workarounds include disabling the Code Node and configuring environment variables to restrict Python support.
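
One way to check a deployment against the affected range and the workarounds listed above, added here as an example and not code from n8n or the linked article. The environment variable names (`NODES_EXCLUDE`, `N8N_PYTHON_ENABLED`, `N8N_RUNNERS_ENABLED`, `N8N_NATIVE_PYTHON_RUNNER`) and the `n8n-nodes-base.code` node name do not appear on this page and are assumed from n8n's own configuration; the status labels and sample deployments are constructed.

```python
import json
import re

# Affected range as stated on this page: 1.0.0 up to, not including, 2.0.0.
AFFECTED_MIN, FIXED = (1, 0, 0), (2, 0, 0)
NATIVE_PYTHON_MIN = (1, 111, 0)    # native Python implementation, per this page
CODE_NODE = "n8n-nodes-base.code"  # assumption: node type name of the Code Node

def parse_version(text):
    """Parse a strict MAJOR.MINOR.PATCH string; anything else is rejected."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_true(env, name):
    return env.get(name, "").strip().lower() == "true"

def code_node_excluded(env):
    """True if NODES_EXCLUDE is a JSON list that names the Code Node."""
    try:
        excluded = json.loads(env.get("NODES_EXCLUDE") or "[]")
    except json.JSONDecodeError:
        return False  # malformed value: do not count it as a workaround
    return isinstance(excluded, list) and CODE_NODE in excluded

def assess(version, env):
    """Return (status, workarounds) for one n8n deployment."""
    v = parse_version(version)
    if not AFFECTED_MIN <= v < FIXED:
        return ("fixed" if v >= FIXED else "outside-range"), []
    # Env variable names below are assumptions from n8n's configuration.
    found = []
    if code_node_excluded(env):
        found.append("code-node-disabled")
    if env.get("N8N_PYTHON_ENABLED", "").strip().lower() == "false":
        found.append("python-disabled")
    if (v >= NATIVE_PYTHON_MIN and is_true(env, "N8N_RUNNERS_ENABLED")
            and is_true(env, "N8N_NATIVE_PYTHON_RUNNER")):
        found.append("native-python-runner")
    return ("workaround-applied" if found else "exposed"), found

# Constructed sample deployments (not from a real environment).
SAMPLES = {"prod": ("1.98.2", {}), "lab": ("2.0.0", {}),
           "staging": ("1.112.0", {"N8N_RUNNERS_ENABLED": "true",
                                   "N8N_NATIVE_PYTHON_RUNNER": "true"})}
if __name__ == "__main__":
    for name, (version, env) in SAMPLES.items():
        print(name, *assess(version, env))
```

A `workaround-applied` result only reflects configuration; the fix named on this page is the upgrade to 2.0.0.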
Read More: https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html