
CVE-2026-25115: Critical Vulnerability in n8n

A critical vulnerability in n8n prior to version 2.4.8 allows authenticated users to escape the Python sandbox and execute arbitrary code. Immediate patching is essential to mitigate risks.

CRITICAL · CVSS 9.4 · Published February 4, 2026


CVE-2026-25115 is a critical security vulnerability affecting n8n, an open-source workflow automation platform. It allows authenticated users to break out of the Python Code node's sandbox environment, potentially executing code outside the intended security boundaries. Its CVSS score is 9.4, a critical severity level that demands immediate attention from organizations using n8n. The possibility of unauthorized code execution, with severe implications for data confidentiality, integrity, and availability, makes this urgent for defenders.

Organizations should prioritize patching immediately, as this vulnerability has been patched in version 2.4.8 of n8n. Failure to address this vulnerability could expose systems to potential exploitation by authenticated users, thereby compromising the security of the automation workflows.
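The following triage sketch is an added example, not code from the n8n project or the vendor advisory. It sorts an inventory of n8n version strings against the 2.4.8 fix named above. The host names and versions are constructed, and it assumes, as this page states, that every release before 2.4.8 is affected.

```python
import re

FIXED = (2, 4, 8)  # fixed release named on this page

# SemVer core, optional leading "v", optional pre-release and build metadata.
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)

def classify(version: str) -> str:
    """Return 'affected', 'patched' or 'unknown' for one version string."""
    m = _SEMVER.match(version.strip())
    if not m:
        # Floating tags such as 'latest' cannot be compared; resolve them by hand.
        return "unknown"
    core = tuple(int(part) for part in m.group(1, 2, 3))
    if core < FIXED:
        return "affected"
    if core == FIXED and m.group(4):
        # Assumption: a pre-release of 2.4.8 sorts before 2.4.8 in SemVer and
        # the page does not say it carries the fix, so treat it as affected.
        return "affected"
    return "patched"

def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group host names by classification, sorted for stable reporting."""
    report = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = {
    "automation-prod": "2.4.8",
    "automation-dev": "2.4.7",
    "legacy-flows": "v1.120.3",
    "staging": "2.4.8-beta.1",
    "docker-floating": "latest",
    "edge": "2.5.0+build.7",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need their actual running version confirmed before they can be counted as patched.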

The vulnerability was published on February 4, 2026, and has been analyzed for its impact. The exploitability of this vulnerability is rated as critical, emphasizing the need for swift remediation.

In addition, the EPSS score for this vulnerability indicates a low probability of exploitation at this time. However, given the critical nature of the vulnerability, organizations should not rely solely on this metric and should take immediate action to implement the available patches.

For further insights, organizations may refer to the vendor advisory available on GitHub.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
