CVE-2026-42234: n8n has a Python Task Runner Sandbox Escape Vulnerability

April 29, 2026 (updated May 8, 2026)

An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.

This issue only affects instances where the Python Task Runner is enabled.

References

github.com/advisories/GHSA-44v6-jhgm-p3m4
github.com/n8n-io/n8n
github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4
nvd.nist.gov/vuln/detail/CVE-2026-42234

Code Behaviors & Features

Detect and mitigate CVE-2026-42234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →