PatchSiren

CVE-2026-49444 n8n-io CVE debrief

CVE-2026-49444 is a high-severity vulnerability (CVSS 7.1) in the n8n workflow automation platform. An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. The vulnerability is fixed in versions 1.123.48, 2.21.8, and 2.22.4. The CVE was published on June 23, 2026, and last modified on June 26, 2026.

Vendor: n8n-io
Product: n8n
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-26
Advisory published: 2026-06-23
Advisory updated: 2026-06-26

Who should care

Anyone running the n8n workflow automation platform is affected by this advisory. Administrators of n8n installations should prioritize patching to versions 1.123.48, 2.21.8, or 2.22.4 to prevent potential code execution. Exploitation requires authentication and specific permissions, but could still have significant impact.

Technical summary

The n8n workflow automation platform has a vulnerability that allows authenticated users with specific permissions to escape the sandbox in Python Code Nodes and execute arbitrary code on the task runner container. The issue arises from insufficient sandboxing in the Python Code Node. Successful exploitation requires the attacker to have permission to create or modify workflows containing Python Code Nodes. The vulnerability is addressed in versions 1.123.48, 2.21.8, and 2.22.4 through improved sandboxing controls. The CVSS v4.0 vector for this vulnerability is AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

Patching to fixed versions is the primary recommended action. Administrators should ensure that only authorized users have the necessary permissions to create or modify workflows with Python Code Nodes.

Recommended defensive actions

  • Patch n8n installations to versions 1.123.48, 2.21.8, or 2.22.4.
  • Review and limit permissions for users who can create or modify workflows with Python Code Nodes.
  • Monitor workflow execution logs for suspicious activity.
  • Consider implementing additional compensating controls such as network segmentation or stricter access controls.
  • Regularly review and update workflows to ensure they do not contain malicious code.
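
A fixed-version check for the three releases listed above, as an added example that is not n8n's or the advisory's own code. It assumes each fixed version closes its own major.minor line, that a release on a line with no listed fix needs the next listed fix, and that anything newer than 2.22.4 already carries it; the hostnames and installed versions are constructed.

```python
import re

# Fixed releases exactly as listed in the advisory text.
FIXED = [(1, 123, 48), (2, 21, 8), (2, 22, 4)]

_SEMVER = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) from e.g. 'n8n@2.21.8'."""
    m = _SEMVER.search(text)
    if m is None:
        raise ValueError(f"no semantic version in {text!r}")
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None


def required_fix(version):
    """Return the fixed release to upgrade to, or None if already at one."""
    v, prerelease = parse_version(version)
    for fix in FIXED:
        # Numeric comparison on the same line, so 2.21.10 counts as newer
        # than 2.21.8 (a plain string comparison gets this wrong).
        # A pre-release of the fix itself (x.y.z-rc.1) sorts before it.
        if v[:2] == fix[:2] and (v > fix or (v == fix and not prerelease)):
            return None
    later = [f for f in sorted(FIXED) if f > v or (f == v and prerelease)]
    # Assumption: a release newer than every listed fix carries the fix.
    return later[0] if later else None


def triage(inventory):
    """Map host -> 'ok' or 'upgrade to X.Y.Z' for a {host: version} dict."""
    report = {}
    for host, version in inventory.items():
        fix = required_fix(version)
        report[host] = "ok" if fix is None else "upgrade to %d.%d.%d" % fix
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = {
    "automation-prod": "1.123.47",
    "automation-stage": "n8n@2.21.10",
    "automation-dev": "2.22.4-rc.1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```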

Evidence notes

The CVE record and the NVD entry both confirm the existence and details of CVE-2026-49444. A vendor advisory from GitHub also provides mitigation information.

This article is AI-assisted and based on the supplied source corpus.