CVE-2026-42234 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: May 6, 2026
n8n - Remote Code Execution
Published: May 4, 2026 | Updated: May 6, 2026 | Remote Exploitable
Overview
n8n versions before 1.123.32, 2.17.4, and 2.18.1 contain a remote code execution vulnerability caused by a sandbox escape in the Python Code Node on the task runner container. It lets authenticated users with workflow modification permissions execute arbitrary code. Exploitation requires the Python Task Runner to be enabled.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated users can execute arbitrary code on the task runner container, potentially compromising the system.
Mitigation
Update to version 1.123.32, 2.17.4, 2.18.1, or later.
Details
- CVE ID: CVE-2026-42234
- Severity: High
- CVSS Score: 8.8
- Type: remote_code_execution
- Status: confirmed
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H