CVE-2026-0863
Published: 18 January 2026
Summary
CVE-2026-0863 is a high-severity Eval Injection (CWE-95) vulnerability in N8N N8N. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely flaw remediation through vendor patches, directly mitigating the specific sandbox escape vulnerability in n8n's python-task-executor.
Validates information inputs to the Code block, neutralizing directives in dynamically evaluated Python code to prevent injection via string formatting.
Implements secure error handling to avoid bypass of sandbox restrictions through exception handling exploitation in the python-task-executor.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct sandbox escape enabling arbitrary unrestricted Python code execution via the Code block (CWE-94/95).
NVD Description
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic…
more
permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.
Deeper analysisAI
CVE-2026-0863 is a sandbox escape vulnerability in n8n's python-task-executor component, where attackers can use string formatting and exception handling to bypass restrictions and execute arbitrary unrestricted Python code on the underlying operating system. The vulnerability affects the n8n workflow automation tool, particularly its Code block functionality. It carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code) and CWE-94 (Improper Control of Generation of Code).
An authenticated user with basic permissions can exploit the vulnerability via the Code block. On n8n instances operating in "Internal" execution mode, successful exploitation leads to full instance takeover. In "External" execution mode, such as with n8n's official Docker image, arbitrary code execution is confined to a Sidecar container rather than the main node, significantly reducing the potential impact.
Mitigation details are provided in vendor and researcher advisories, including a patch commit in the n8n GitHub repository (b73a4283cb14e0f27ce19692326f362c7bf3da02) and analyses from JFrog Research (JFSA-2026-001651077) and SmartKeys.
Details
- CWE(s)