CVE-2026-27494: n8n has Arbitrary File Read via Python Code Node Sandbox Escape

February 25, 2026 (updated February 27, 2026)

An authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE.

On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner.

Task Runners must be enabled using N8N_RUNNERS_ENABLED=true.

References

github.com/advisories/GHSA-mmgg-m5j7-f83h
github.com/n8n-io/n8n
github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h
nvd.nist.gov/vuln/detail/CVE-2026-27494

Code Behaviors & Features

Detect and mitigate CVE-2026-27494 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →