Critical and high-severity n8n sandbox flaws open path to remote code execution

March 21, 2026 · 2 min read · 2 sources

Researchers have disclosed two sandbox escape vulnerabilities in n8n, one rated critical and one high severity, that could let an attacker execute arbitrary code on the host running the platform, according to reporting by Infosecurity Magazine. Both affect n8n's code execution environment, the sandbox meant to isolate user-supplied logic (the JavaScript or Python that workflow authors write into Code nodes) from the rest of the system. n8n has released patches for both issues.

The report identified the flaws as CVE-2024-2902 and CVE-2024-2903 and said fixes are available in versions 1.38.1 and 1.39.0; confirm the exact fixed versions against n8n's own advisory before marking an instance as patched. No active exploitation had been observed at the time of the report, but the bug class is serious because n8n is widely used to connect internal systems, SaaS apps, databases, and cloud services. In many deployments the platform stores API keys, OAuth tokens, database credentials, and other secrets needed to run automated tasks, and code that escapes the sandbox runs with the same operating-system access as the n8n process itself. A sandbox bypass in that setting turns a workflow tool into a foothold for broader compromise.

To exploit either flaw, an adversary first needs to get code into the sandbox: an account allowed to create or edit workflows, a stolen session or API key for such an account, or some other path by which attacker-controlled logic reaches the code execution environment. Once the sandbox is escaped, that code runs as the n8n process, so it can execute commands on the underlying host, read the platform's stored secrets, silently alter workflow logic, and pivot into every system those credentials reach. The risk is most acute for self-hosted instances exposed to the internet or configured with broad access to internal services.

Organizations running n8n should apply the vendor's fixes as soon as possible, review who can author or edit workflows (including API keys and shared accounts that grant the same rights), and check logs for unusual workflow changes or signs of unexpected process execution from the n8n host. Teams that suspect exposure should rotate the credentials stored in the platform, since a successful escape exposes all of them, and isolate the service from sensitive network segments. Placing the instance behind a VPN does not fix the flaw, because any user who can author workflows can still reach the sandbox, but restricting the editor and API to trusted networks does reduce the attack surface.

The disclosure is another reminder that automation platforms are attractive targets because they combine code execution, privileged credentials, and deep integration with business systems. When sandbox protections fail, the blast radius can extend well beyond the application itself.
