Warning: Arbitrary Code Execution in n8n project, Patch Immediately!

Published: 09/01/2026

    * Last update: 09/01/2026
    * Affected software: n8n
    * Type: Arbitrary Code Execution
    * CVE/CVSS: CVE-2025-68668: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)


Sources

GitHub https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v

Risks

A newly discovered vulnerability in the n8n project allows attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations.

n8n is a free open-source workflow automation platform that allows users to connect apps, services, and APIs visually through a node-based interface to automate tasks and processes. It’s widely used by developers, DevOps, and businesses.

If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical business systems.

Description

A critical security vulnerability, CVE-2025-68668, affects n8n versions from 1.0.0 up to, but not including, 2.0.0. The flaw lies in the Pyodide sandbox used by the Python Code Node: an authenticated attacker with workflow edit access can escape the sandbox and execute arbitrary commands on the host system with the same privileges as the n8n process.

Attackers can exploit this sandbox bypass to run system commands, compromising the host with n8n privileges. The issue is fixed in version 2.0.0.

Workarounds until the patch is deployed:

  • Disable the Code Node via NODES_EXCLUDE.
  • Set N8N_PYTHON_ENABLED=false.
  • Configure the task runner sandbox with N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER.
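A small check script, added here as an example (it is not part of the CCB advisory or of the n8n project), that classifies a deployment as unaffected, mitigated or exposed from its version and the workaround settings listed above. It assumes that the Code Node's type name used in NODES_EXCLUDE is n8n-nodes-base.code and that the task-runner workaround is in place when both N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER are set to true; verify both against the linked n8n documentation.

```shell
#!/bin/sh
# Added example, not from the CCB advisory or the n8n project: classify an n8n
# deployment against CVE-2025-68668 using its version and the advisory's
# workaround settings.
# Assumptions: NODES_EXCLUDE lists "n8n-nodes-base.code" to exclude the Code
# Node, and the task-runner workaround counts as applied when both
# N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER equal "true".

# Affected range is 1.0.0 up to but not including 2.0.0, i.e. any 1.x release.
n8n_version_affected() {
    major=${1%%.*}
    [ "$major" = "1" ]
}

# Arguments: NODES_EXCLUDE, N8N_PYTHON_ENABLED, N8N_RUNNERS_ENABLED,
# N8N_NATIVE_PYTHON_RUNNER. Succeeds when at least one workaround is in place.
n8n_workaround_applied() {
    case "$1" in
        *n8n-nodes-base.code*) return 0 ;;  # Code Node excluded entirely
    esac
    [ "$2" = "false" ] && return 0          # Python disabled in the Code Node
    [ "$3" = "true" ] && [ "$4" = "true" ] && return 0  # sandboxed runner
    return 1
}

# Prints one of: unknown, unaffected, mitigated, exposed.
# Arguments: version string, then the four settings in the order above.
# A version that is not x.y.z is reported as unknown rather than assumed safe.
n8n_exposure() {
    version=$1; shift
    case "$version" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    if ! n8n_version_affected "$version"; then
        echo unaffected
    elif n8n_workaround_applied "$@"; then
        echo mitigated
    else
        echo exposed
    fi
}

# Constructed sample: a 1.x install where only the Python toggle was applied.
# In practice pass the deployed version and the n8n process environment.
n8n_exposure "1.80.3" "" "false" "" ""   # prints: mitigated
```

Excluding the Code Node through NODES_EXCLUDE removes it for JavaScript workflows as well, so inventory the workflows that depend on it before choosing that option.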

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.


References

GitHub https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
n8n: Blocking access to nodes https://docs.n8n.io/hosting/securing/blocking-nodes/
Code Node (Python) https://docs.n8n.io/code/code-node/#python-native
Task Runners https://docs.n8n.io/hosting/configuration/task-runners/