CVE-2026-49444: n8n: Python sandbox escape

June 16, 2026

An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.

This issue only affects instances where the Python Task Runner is enabled.

References

github.com/advisories/GHSA-9pq8-m8gp-4p53
github.com/n8n-io/n8n/security/advisories/GHSA-9pq8-m8gp-4p53
nvd.nist.gov/vuln/detail/CVE-2026-49444

Code Behaviors & Features

Detect and mitigate CVE-2026-49444 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →