Threat Intelligence / CVE / CVE-2026-25115

CVE-2026-25115

CVSS 9.9 (CRITICAL) · EPSS 0.1% · Published 2026-02-04

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-693

Threats tracking this CVE

n8n Multi-CVE Vulnerability Cascade — Expression Sandbox Escape, Pyodide RCE, Arbitrary File Write, Command Injection (9 CVEs, 2× CVSS 10.0) — CRITICAL

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h

Full detection coverage & IOCs for threats exploiting CVE-2026-25115 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence