{"vulnerability": "ghsa-jwm3-qcfw-c5pp", "sightings": [{"uuid": "a989da11-ee62-4703-b9aa-e051161a5d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-jwm3-qcfw-c5pp", "type": "seen", "source": "https://gist.github.com/alon710/8b7e25353cc061230cbe51b2eb337874", "content": "# GHSA-JWM3-QCFW-C5PP: GHSA-jwm3-qcfw-c5pp: Security Bypass in n8n Python Code Node AST Validator\n\n&gt; **CVSS Score:** 5.1\n&gt; **Published:** 2026-06-16\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-JWM3-QCFW-C5PP\n\n## Summary\nAn authenticated security-bypass vulnerability in n8n allows users with workflow creation or modification privileges to bypass the Python AST security validator. By circumventing AST validation logic, attackers can execute arbitrary statements, access the task executor's root module namespace, and disclose sensitive host environment variables on self-hosted instances.\n\n## TL;DR\nAuthenticated users can bypass n8n's Python Code Node AST validator, escaping the execution sandbox to access host environment variables and process namespaces.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-184 / CWE-265\n- **Attack Vector**: Network (Low Privileges)\n- **CVSS Score**: 5.1 (Medium)\n- **EPSS Score**: N/A (No CVE Assigned)\n- **Impact**: Information Disclosure / Sandbox Escape\n- **Exploit Status**: Proof-of-Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- n8n (npm package)\n- n8n self-hosted environments\n- **n8n**: &lt; 2.25.7 (Fixed in: `2.25.7`)\n- **n8n**: &gt;= 2.26.0, &lt; 2.26.2 (Fixed in: `2.26.2`)\n\n## Mitigation\n\n- Upgrade n8n to patched versions (2.25.7 or 2.26.2+)\n- Exclude the Code node globally using NODES_EXCLUDE environment variable\n- Restrict workflow editing permissions to trusted administrator roles only\n- Disable the Python Task Runner execution option entirely if unused\n\n**Remediation Steps:**\n1. Check the currently deployed n8n version via the administration panel or container environment.\n2. Update the n8n container image or npm package to 2.25.7 or 2.26.2 depending on your current branch releases.\n3. Configure your system environment files to include NODES_EXCLUDE=[\"n8n-nodes-base.code\"] if an immediate upgrade is not possible.\n4. Verify that the Python Code node sandbox is updated and that dynamic getattr payloads fail to execute successfully.\n\n## References\n\n- [GitHub Security Advisory GHSA-jwm3-qcfw-c5pp](https://github.com/n8n-io/n8n/security/advisories/GHSA-jwm3-qcfw-c5pp)\n- [n8n Main GitHub Repository](https://github.com/n8n-io/n8n)\n- [GitHub Advisory Database Entry](https://github.com/advisories/GHSA-JWM3-QCFW-C5PP)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-JWM3-QCFW-C5PP) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-17T07:12:05.000000Z"}, {"uuid": "5581cfb8-0015-4257-9781-a4c602d89280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-jwm3-qcfw-c5pp", "type": "seen", "source": "https://gist.github.com/alon710/1e67864e99b4742c1095816dbc6f28c7", "content": "# GHSA-JWM3-QCFW-C5PP: GHSA-jwm3-qcfw-c5pp: Security Bypass in n8n Python Code Node AST Validator\n\n&gt; **CVSS Score:** 5.1\n&gt; **Published:** 2026-06-16\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-JWM3-QCFW-C5PP\n\n## Summary\nAn authenticated security-bypass vulnerability in n8n allows users with workflow creation or modification privileges to bypass the Python AST security validator. By circumventing AST validation logic, attackers can execute arbitrary statements, access the task executor's root module namespace, and disclose sensitive host environment variables on self-hosted instances.\n\n## TL;DR\nAuthenticated users can bypass n8n's Python Code Node AST validator, escaping the execution sandbox to access host environment variables and process namespaces.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-184 / CWE-265\n- **Attack Vector**: Network (Low Privileges)\n- **CVSS Score**: 5.1 (Medium)\n- **EPSS Score**: N/A (No CVE Assigned)\n- **Impact**: Information Disclosure / Sandbox Escape\n- **Exploit Status**: Proof-of-Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- n8n (npm package)\n- n8n self-hosted environments\n- **n8n**: &lt; 2.25.7 (Fixed in: `2.25.7`)\n- **n8n**: &gt;= 2.26.0, &lt; 2.26.2 (Fixed in: `2.26.2`)\n\n## Mitigation\n\n- Upgrade n8n to patched versions (2.25.7 or 2.26.2+)\n- Exclude the Code node globally using NODES_EXCLUDE environment variable\n- Restrict workflow editing permissions to trusted administrator roles only\n- Disable the Python Task Runner execution option entirely if unused\n\n**Remediation Steps:**\n1. Check the currently deployed n8n version via the administration panel or container environment.\n2. Update the n8n container image or npm package to 2.25.7 or 2.26.2 depending on your current branch releases.\n3. Configure your system environment files to include NODES_EXCLUDE=[\"n8n-nodes-base.code\"] if an immediate upgrade is not possible.\n4. Verify that the Python Code node sandbox is updated and that dynamic getattr payloads fail to execute successfully.\n\n## References\n\n- [GitHub Security Advisory GHSA-jwm3-qcfw-c5pp](https://github.com/n8n-io/n8n/security/advisories/GHSA-jwm3-qcfw-c5pp)\n- [n8n Main GitHub Repository](https://github.com/n8n-io/n8n)\n- [GitHub Advisory Database Entry](https://github.com/advisories/GHSA-JWM3-QCFW-C5PP)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-JWM3-QCFW-C5PP) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-17T07:21:45.000000Z"}]}