CVE-2025-68668: CWE-693: Protection Mechanism Failure in n8n-io n8n
n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
AI Analysis
Technical Summary
n8n is an open-source workflow automation platform that allows users to create complex workflows integrating various services. Versions from 1.0.0 to before 2.0.0 contain a critical vulnerability (CVE-2025-68668) in the Python Code Node, which leverages Pyodide to execute Python code within workflows. The vulnerability is a sandbox bypass (CWE-693), meaning the intended isolation of Python code execution is ineffective, allowing an authenticated user with permissions to create or modify workflows to execute arbitrary commands directly on the host operating system. This execution occurs with the same privileges as the n8n process, which could be significant depending on deployment context. The vulnerability does not require user interaction and can be exploited remotely if the attacker has the necessary permissions. The issue was addressed in n8n version 2.0.0 by improving sandboxing mechanisms. Until upgrading, mitigations include disabling the vulnerable Code Node entirely by setting the environment variable NODES_EXCLUDE to exclude "n8n-nodes-base.code", disabling Python support in the Code Node via N8N_PYTHON_ENABLED=false (introduced in version 1.104.0), or configuring n8n to use a task runner-based Python sandbox through environment variables N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER. No known exploits are reported in the wild yet, but the high CVSS score (9.9) reflects the critical nature of the vulnerability due to its potential for full host compromise.
Potential Impact
For European organizations, this vulnerability poses a severe risk as it allows authenticated users to execute arbitrary commands on the host system running n8n, potentially leading to full system compromise, data exfiltration, or lateral movement within the network. Given that n8n is used for workflow automation, attackers could manipulate business-critical processes or inject malicious workflows. The impact on confidentiality is high because attackers can access sensitive data on the host. Integrity is compromised as attackers can alter workflows or system files, and availability may be affected if attackers disrupt or disable n8n services or the underlying host. Organizations relying on n8n for automation in regulated sectors such as finance, healthcare, or government within Europe could face compliance violations and significant operational disruptions. The ease of exploitation by any authenticated user with workflow modification rights increases the threat, especially in environments with weak access controls or compromised user accounts.
Mitigation Recommendations
European organizations should immediately upgrade n8n to version 2.0.0 or later to fully remediate this vulnerability. If immediate upgrading is not feasible, apply the following mitigations: disable the Python Code Node by setting the environment variable NODES_EXCLUDE to exclude "n8n-nodes-base.code"; disable Python support in the Code Node by setting N8N_PYTHON_ENABLED=false (available since version 1.104.0); configure n8n to use the task runner-based Python sandbox by enabling N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. Additionally, restrict workflow creation and modification permissions to trusted users only, implement strong authentication and access controls, and monitor workflow changes and system logs for suspicious activity. Network segmentation and limiting access to the n8n management interface can reduce exposure. Regularly audit deployed n8n versions and configurations to ensure compliance with security best practices.
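A defender's check built from the workaround list above, added here as an example and not code from the advisory or from the n8n project. It assumes a plain MAJOR.MINOR.PATCH version string and that the value "true" is what enables the two task-runner variables (the advisory names the variables but not their values).

```shell
#!/bin/sh
# Classify an n8n deployment against CVE-2025-68668 from its version and the
# workaround environment variables named in the advisory.
# Assumptions (mine, not from the advisory): version is "MAJOR.MINOR.PATCH";
# "true" enables N8N_RUNNERS_ENABLED / N8N_NATIVE_PYTHON_RUNNER.
#
# usage: cve_2025_68668_status VERSION NODES_EXCLUDE N8N_PYTHON_ENABLED \
#                              N8N_RUNNERS_ENABLED N8N_NATIVE_PYTHON_RUNNER
# Prints a status word; returns 0 when not exposed, 1 when exposed or unknown.
cve_2025_68668_status() {
  ver=$1 exclude=$2 py=$3 runners=$4 native=$5
  major=${ver%%.*}
  rest=${ver#*.}
  minor=${rest%%.*}
  case "$major$minor" in
    ''|*[!0-9]*) echo "unknown-version"; return 1 ;;
  esac
  # Affected range is 1.0.0 <= version < 2.0.0; 2.0.0 carries the fix.
  if [ "$major" -ne 1 ]; then
    echo "not-affected"; return 0
  fi
  # Workaround 1: the Code Node is excluded entirely via NODES_EXCLUDE.
  case "$exclude" in
    *n8n-nodes-base.code*) echo "mitigated-code-node-excluded"; return 0 ;;
  esac
  # Workaround 2: Python disabled. The variable only exists from 1.104.0 on,
  # so on older builds it does nothing and must not count as a mitigation.
  if [ "$py" = "false" ] && [ "$minor" -ge 104 ]; then
    echo "mitigated-python-disabled"; return 0
  fi
  # Workaround 3: task-runner based Python sandbox instead of Pyodide.
  if [ "$runners" = "true" ] && [ "$native" = "true" ]; then
    echo "mitigated-task-runner-sandbox"; return 0
  fi
  echo "VULNERABLE"; return 1
}

# Demo run: version from $1 (constructed default 1.99.1), workaround variables
# read from the current environment of the host running this script.
cve_2025_68668_status "${1:-1.99.1}" "${NODES_EXCLUDE:-}" "${N8N_PYTHON_ENABLED:-}" \
  "${N8N_RUNNERS_ENABLED:-}" "${N8N_NATIVE_PYTHON_RUNNER:-}" \
  || echo "exposed: upgrade to 2.0.0 or apply one of the workarounds"
```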
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-22T23:37:00.930Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 694f040e33784cecd498bd23
Added to database: 12/26/2025, 9:54:22 PM
Last enriched: 1/5/2026, 5:30:58 PM
Last updated: 2/7/2026, 4:04:41 AM