CVE-2026-42234 — HIGH (CVSS 7.5) AI Security Vulnerability

Q: What is CVE-2026-42234?

n8n has a Python Task Runner Sandbox Escape Vulnerability

Q: Is CVE-2026-42234 actively exploited?

No confirmed active exploitation of CVE-2026-42234 has been reported, but organizations should still patch proactively.

Q: How to fix CVE-2026-42234?

Update to patched version: n8n 1.123.32.

Q: What is the CVSS score for CVE-2026-42234?

CVE-2026-42234 has a CVSS v3.1 base score of 7.5 (HIGH).

## Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. ## Patches The issue...

Full CISO analysis pending enrichment.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
n8n	npm	< 1.123.32	`1.123.32`
185.6K OpenSSF 6.0 16 dependents Pushed 4d ago 38% patched ~1d to patch Full package profile →

Do you use n8n? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

N/A

Attack Surface

AV Network

AC Low

PR None

UI None

S Unchanged

C None

I None

A High

Recommended Action

Patch available

Update n8n to version 1.123.32

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-42234?

n8n has a Python Task Runner Sandbox Escape Vulnerability

Is CVE-2026-42234 actively exploited?

No confirmed active exploitation of CVE-2026-42234 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-42234?

Update to patched version: n8n 1.123.32.

What is the CVSS score for CVE-2026-42234?

CVE-2026-42234 has a CVSS v3.1 base score of 7.5 (HIGH).

Technical Details

NVD Description

## Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. ## Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only. - Disable the Python Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable, or disable the Python Task Runner entirely. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.