The vulnerability identified as CVE-2026-27494 affects the n8n open source workflow automation platform, specifically its Python Code node component. Prior to patched versions 2.10.1, 2.9.3, and 1.123.22, the sandbox environment designed to isolate Python code execution was insufficiently restrictive. Authenticated users with permissions to create or modify workflows could exploit this flaw to escape the sandbox by accessing certain built-in Python objects that should have been blocked. This escape enables attackers to read arbitrary files on the host system or execute arbitrary code remotely. The impact varies depending on the Task Runner configuration: with the default internal Task Runner, attackers can fully compromise the host machine running n8n; with external Task Runners enabled via the environment variable N8N_RUNNERS_ENABLED=true, attackers may interfere with or access other tasks running on the Task Runner. The vulnerability requires only authenticated access with workflow editing rights, no additional user interaction or elevated privileges are necessary. The CVSS 4.0 base score is 7.1 (high), reflecting network attack vector, low attack complexity, no privileges required beyond workflow editing, and high confidentiality impact. The issue has been addressed by restricting access to sensitive Python objects in the sandbox in the fixed versions. Until upgrading, administrators are advised to limit workflow creation/modification permissions to fully trusted users and/or disable the Python Code node via the NODES_EXCLUDE environment variable, though these are partial mitigations.

This vulnerability poses a significant risk to organizations using n8n for workflow automation, particularly those exposing the platform to multiple users or integrating sensitive systems. Exploitation can lead to unauthorized disclosure of sensitive files, potentially leaking credentials, configuration files, or business-critical data. Remote code execution can allow attackers to take full control of the host system when using internal Task Runners, leading to lateral movement, data exfiltration, or deployment of further malware. For setups with external Task Runners, attackers might disrupt or compromise other workflows, impacting business processes and service availability. The ease of exploitation by any authenticated user with workflow editing rights increases the threat surface, especially in environments with insufficient access controls. Organizations relying on n8n in production environments face risks of operational disruption, data breaches, and compliance violations if this vulnerability is exploited.

The primary mitigation is to upgrade n8n to versions 2.10.1, 2.9.3, or 1.123.22 or later, which contain the patch restricting Python sandbox escape. Until upgrades can be performed, organizations should strictly limit workflow creation and modification permissions to a minimal set of fully trusted users to reduce the risk of exploitation. Additionally, disabling the Python Code node by adding 'n8n-nodes-base.code' to the NODES_EXCLUDE environment variable can prevent use of the vulnerable component, though this may impact legitimate workflows and does not fully eliminate risk. Monitoring workflow changes and audit logs for suspicious activity is recommended. Network segmentation and host-based controls should be employed to limit the impact of potential host compromise. Regular backups and incident response plans should be prepared to respond to any exploitation attempts. Finally, organizations should review Task Runner configurations and consider isolating or hardening these components to reduce cross-task risks.