CVE-2026-42234: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n
A code injection vulnerability (CWE-94) exists in n8n workflow automation platform versions prior to 1. 123. 32, 2. 17. 4, and 2. 18. 1. Authenticated users with permission to create or modify workflows containing a Python Code Node can escape the sandbox and execute arbitrary code on the task runner container. This affects only instances where the Python Task Runner is enabled. The vulnerability has been patched in the specified versions.
AI Analysis
Technical Summary
CVE-2026-42234 is a high-severity code injection vulnerability in the n8n platform that allows an authenticated user with workflow modification permissions to bypass sandbox restrictions in Python Code Nodes. This enables arbitrary code execution on the task runner container, potentially compromising the host environment. The issue affects versions before 1.123.32, 2.17.4, and 2.18.1 and only applies if the Python Task Runner feature is enabled. The vendor has released patches in these versions to address the vulnerability.
Potential Impact
Successful exploitation allows an authenticated user with workflow creation or modification privileges to execute arbitrary code on the task runner container, potentially leading to full compromise of that container. This could result in unauthorized access, data manipulation, or disruption of automated workflows. The impact is limited to environments where the Python Task Runner is enabled.
Mitigation Recommendations
This vulnerability has been patched in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to these or later versions to remediate the issue. If upgrading immediately is not possible, restrict permissions to create or modify workflows containing Python Code Nodes and consider disabling the Python Task Runner feature until patched versions can be deployed.
CVE-2026-42234: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n
Description
A code injection vulnerability (CWE-94) exists in n8n workflow automation platform versions prior to 1. 123. 32, 2. 17. 4, and 2. 18. 1. Authenticated users with permission to create or modify workflows containing a Python Code Node can escape the sandbox and execute arbitrary code on the task runner container. This affects only instances where the Python Task Runner is enabled. The vulnerability has been patched in the specified versions.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-42234 is a high-severity code injection vulnerability in the n8n platform that allows an authenticated user with workflow modification permissions to bypass sandbox restrictions in Python Code Nodes. This enables arbitrary code execution on the task runner container, potentially compromising the host environment. The issue affects versions before 1.123.32, 2.17.4, and 2.18.1 and only applies if the Python Task Runner feature is enabled. The vendor has released patches in these versions to address the vulnerability.
Potential Impact
Successful exploitation allows an authenticated user with workflow creation or modification privileges to execute arbitrary code on the task runner container, potentially leading to full compromise of that container. This could result in unauthorized access, data manipulation, or disruption of automated workflows. The impact is limited to environments where the Python Task Runner is enabled.
Mitigation Recommendations
This vulnerability has been patched in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to these or later versions to remediate the issue. If upgrading immediately is not possible, restrict permissions to create or modify workflows containing Python Code Nodes and consider disabling the Python Task Runner feature until patched versions can be deployed.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-25T05:37:12.117Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f8eab1cbff5d8610415b8d
Added to database: 5/4/2026, 6:51:29 PM
Last enriched: 5/4/2026, 7:06:29 PM
Last updated: 5/4/2026, 7:53:22 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.