
Critical N8n Sandbox Escape Could Lead to Server Compromise


A critical sandbox escape vulnerability in the n8n AI workflow automation platform could allow attackers to execute arbitrary commands on the server, Pillar Security reports.

Tracked as CVE-2026-25049 (CVSS score of 9.4), the issue lies in how the sanitization routine of the n8n expression sandbox evaluates JavaScript expressions before they are run.

Pillar found that the sanitizer could be bypassed in more than one way: through JavaScript expressions that access properties via template literals, and through arrow functions and certain stack frame objects that return the real global objects instead of their sandboxed equivalents.

These implementation weaknesses allowed the security firm to escape the n8n sandbox and achieve command execution on the server.
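The template-literal part of the finding is easiest to understand with a small constructed model. The example below is added here and is not n8n's code or Pillar's proof of concept; the sanitizer (naiveSanitize, DENYLIST), the evaluator (naiveEvaluate), the sample data (SAMPLE_DATA) and the hardened resolver (safeResolve) are all assumptions made for illustration. It shows why scanning raw source for dangerous identifiers fails once a property name is assembled at runtime with a template literal, and contrasts that with an approach that never executes user-supplied JavaScript. It does not model the arrow-function or stack-frame vectors the article mentions, and the hardened half is a general design point, not the vendor's fix.

```javascript
// Constructed example for this article: a denylist-based expression "sandbox"
// and a template-literal bypass of it. Not n8n's code.

// Constructed sample workflow data, standing in for the $json a node exposes.
const SAMPLE_DATA = { user: { name: 'alice', role: 'admin' } };

// Vulnerable pattern (assumed for illustration): scan the raw source for
// dangerous identifiers, then hand whatever survives to the JavaScript engine.
const DENYLIST = /\b(constructor|prototype|process|require|global|globalThis|Function|eval)\b/;

function naiveSanitize(expr) {
  if (DENYLIST.test(expr)) throw new Error('blocked by denylist: ' + expr);
  return expr;
}

function naiveEvaluate(expr, data = SAMPLE_DATA) {
  // Functions built with `new Function` run in sloppy mode; called without a
  // receiver, `this` inside them is the real global object.
  return new Function('$json', 'return (' + naiveSanitize(expr) + ')')(data);
}

// A direct attempt is caught: "constructor" appears literally in the source.
const DIRECT_ATTEMPT = '"".constructor.constructor("return this")()';

// The same property names assembled with template literals never appear as
// whole words, so the regex matches nothing, but the engine still evaluates
// `constr${"uctor"}` to "constructor" at runtime. ""["constructor"] is String,
// String["constructor"] is Function, and Function("return this")() hands back
// the real global object. Plain string concatenation ("constr" + "uctor")
// defeats the same check the same way.
const TEMPLATE_LITERAL_BYPASS =
  '""[`constr${"uctor"}`][`constr${"uctor"}`]("return this")()';

function bypassReachesRealGlobal() {
  return naiveEvaluate(TEMPLATE_LITERAL_BYPASS) === globalThis;
}

// Hardened alternative (assumed design, not the vendor's fix): do not execute
// user-supplied JavaScript at all. Interpret a deliberately tiny grammar
// ($json followed by dotted identifier segments) and walk the data object by
// own properties only. Anything outside the grammar is rejected, not cleaned.
const SEGMENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

function safeResolve(expr, data = SAMPLE_DATA) {
  const parts = expr.trim().split('.');
  if (parts[0] !== '$json') throw new Error('unsupported expression: ' + expr);
  let cur = data;
  for (const seg of parts.slice(1)) {
    if (!SEGMENT.test(seg)) throw new Error('invalid path segment: ' + seg);
    // Own properties only: the prototype chain is never walked, so
    // `constructor` and `__proto__` resolve to undefined rather than Function.
    if (cur === null || typeof cur !== 'object' ||
        !Object.prototype.hasOwnProperty.call(cur, seg)) {
      return undefined;
    }
    cur = cur[seg];
  }
  return cur;
}

// Summarise both behaviours so the outcome can be checked as return values.
function report() {
  let directBlocked = false;
  try { naiveEvaluate(DIRECT_ATTEMPT); } catch (e) { directBlocked = true; }
  let hardenedRejects = false;
  try { safeResolve(TEMPLATE_LITERAL_BYPASS); } catch (e) { hardenedRejects = true; }
  return {
    directBlocked,
    templateLiteralEscapes: bypassReachesRealGlobal(),
    hardenedRejects,
    hardenedResolves: safeResolve('$json.user.name'),
    prototypeWalkBlocked: safeResolve('$json.constructor') === undefined,
  };
}

console.log(JSON.stringify(report()));
// prints {"directBlocked":true,"templateLiteralEscapes":true,"hardenedRejects":true,"hardenedResolves":"alice","prototypeWalkBlocked":true}
```

The lesson the model makes concrete is that a sanitizer operating on source text cannot reason about what the engine will compute: any construct that produces a property name at runtime (template literals, concatenation, computed access) is invisible to it. A restricted interpreter that never calls the engine has no such gap, at the cost of supporting far less than full JavaScript; where full JavaScript must be offered, the isolation has to come from a separate process or isolate rather than from filtering.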

The attack, Pillar says, led to full server compromise, allowing access to all environment variables, stored credentials, API and cloud keys, OAuth tokens, and configuration files.

Armed with the compromised secrets, an attacker could access connected cloud accounts, hijack AI pipelines and redirect traffic, and access ...


This story originally appeared on SecurityWeek, where the full text is available.