Two vulnerabilities in the n8n platform can allow attackers to execute arbitrary code.
Two severe vulnerabilities in the n8n workflow automation platform allow attackers to escape JavaScript and Python sandboxes to execute arbitrary code. The core issue lies in weaknesses within n8n’s AST‑based sanitization logic, including support for deprecated JavaScript statements and Python exception‑handling behaviors. Exploitation enables full takeover of affected instances, especially when running under “Internal” execution mode.
Read more:
https://www.securityweek.com/n8n-vulnerabilities-could-lead-to-remote-code-execution/