
A critical new security vulnerability has been disclosed in n8n, an open source workflow automation platform, that could allow an authenticated attacker to execute arbitrary system commands on the underlying host.
The vulnerability is tracked as CVE-2025-68668 and carries a CVSS score of 9.9. It has been classified as a protection mechanism failure.
The flaw affects n8n versions from 1.0.0 to 2.0.0 and allows authenticated users with privileges to create or modify workflows to execute arbitrary operating system commands on hosts running n8n. The issue was resolved in version 2.0.0.
The advisory for the flaw states: "A sandbox bypass vulnerability exists in Python code nodes that use Pyodide. An authenticated user with privileges to create or modify workflows could exploit this vulnerability to execute arbitrary commands on a host system running n8n with the same privileges as the n8n process."

n8n said that in version 1.111.0 it introduced a task runner-based native Python implementation as an optional feature to strengthen security isolation. The feature is enabled by configuring the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. With the release of version 2.0.0, this implementation is the default.
For deployments that cannot upgrade immediately, n8n recommends the following workarounds:

- Disable the code node entirely by setting the environment variable NODES_EXCLUDE="[\"n8n-nodes-base.code\"]".
- Disable Python support in the code node by setting the environment variable N8N_PYTHON_ENABLED=false.
- Configure n8n to use the task runner-based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
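A quick way to audit an instance against the fix and the three workarounds above is to check its version and environment. The script below is an added example, not n8n's own tooling; it assumes n8n treats the literal string "true" as the enabled value for the two runner variables, takes the version string as a command-line argument, and reads the other settings from the process environment.

```python
"""Check whether an n8n instance is covered by the CVE-2025-68668 fix
or by one of the documented workarounds (added example, not n8n code)."""
import json
import os
import sys
from typing import Mapping, Tuple

FIXED_VERSION = (2, 0, 0)           # native Python runner is the default here
CODE_NODE = "n8n-nodes-base.code"   # node type named in the NODES_EXCLUDE workaround


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.111.0' or 'v2.0.0-rc1' into a comparable tuple; pre-release tags are dropped."""
    core = version.strip().lstrip("v").split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def env_true(env: Mapping[str, str], name: str) -> bool:
    # Assumption: the literal string "true" (any case) enables the feature.
    return env.get(name, "").strip().lower() == "true"


def code_node_excluded(env: Mapping[str, str]) -> bool:
    """NODES_EXCLUDE holds a JSON array of node type names."""
    try:
        excluded = json.loads(env.get("NODES_EXCLUDE", "[]"))
    except json.JSONDecodeError:
        return False  # malformed value: do not count it as a mitigation
    return isinstance(excluded, list) and CODE_NODE in excluded


def assess(version: str, env: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (mitigated, reason) for one instance, checking the fix first, then each workaround."""
    if parse_version(version) >= FIXED_VERSION:
        return True, "version 2.0.0 or later: task runner-based Python is the default"
    if code_node_excluded(env):
        return True, "code node disabled via NODES_EXCLUDE"
    if env.get("N8N_PYTHON_ENABLED", "").strip().lower() == "false":
        return True, "Python disabled in the code node (N8N_PYTHON_ENABLED=false)"
    if env_true(env, "N8N_RUNNERS_ENABLED") and env_true(env, "N8N_NATIVE_PYTHON_RUNNER"):
        return True, "task runner-based Python sandbox enabled"
    return False, "no mitigation found: Pyodide-based Python code node still reachable"


if __name__ == "__main__":
    # Usage: python check_n8n.py <n8n version>   (environment taken from the current process)
    ver = sys.argv[1] if len(sys.argv) > 1 else "1.111.0"
    ok, why = assess(ver, os.environ)
    print(("OK: " if ok else "ACTION NEEDED: ") + why)
```

Note that the runner-enabled check only reports a mitigation when both variables are set, since the native Python runner depends on task runners being on.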
This disclosure comes after n8n addressed another critical vulnerability (CVE-2025-68613, CVSS score: 9.9) that could lead to arbitrary code execution under certain circumstances.
