Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-68668

Good to know:

icon
icon

Date: December 26, 2025

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "["n8n-nodes-base.code"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

Severity Score

Related Resources (4)

https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
https://nvd.nist.gov/vuln/detail/CVE-2025-68668
https://github.com/n8n-io/n8n
https://www.mend.io/vulnerability-database/CVE-2025-68668

Severity Score

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Top Fix

icon

Upgrade Version

Upgrade to version n8n - 2.0.0;https://github.com/n8n-io/n8n.git - n8n@2.0.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us