A critical sandbox escape vulnerability has been identified in multiple products from the vendor 'Using'. This flaw allows an attacker to bypass security restrictions within the application's Python execution environment, enabling them to run arbitrary code on the underlying server, which could lead to a complete system compromise, data theft, or further network intrusion.

The vulnerability exists within the n8n python-task-executor, which is designed to run user-supplied Python code in a restricted sandbox environment. An attacker can craft a malicious Python script that leverages a combination of specific string formatting techniques and exception handling. This specially crafted input exploits a flaw in the sandbox's validation logic, allowing the code to break out of the intended restrictions and execute arbitrary commands with the permissions of the application service on the host operating system.

This vulnerability is rated as High severity with a CVSS score of 8.5. Successful exploitation results in remote code execution (RCE) on the server hosting the affected application. This could allow an attacker to steal sensitive data processed by the application, install ransomware or other malware, modify or delete critical system files, and use the compromised server as a pivot point to attack other systems within the corporate network. The potential consequences include significant data breaches, operational downtime, financial loss, and reputational damage.

Immediate Action: Organizations must apply the security updates provided by the vendor across all affected products immediately. The vendor's patch directly addresses the sandbox escape flaw, preventing the execution of unauthorized code. After patching, review application and system logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes reviewing application logs for unusually complex or obfuscated Python code submissions, monitoring for unexpected processes spawned by the application service (e.g., shells, network utilities like curl or wget), and scrutinizing network traffic for anomalous outbound connections from the application server.

Compensating Controls: If immediate patching is not feasible, the following controls can help reduce risk:

• Restrict network access to the application interface, allowing connections only from trusted IP addresses.
• Run the application in a hardened, isolated environment (e.g., a minimal Docker container with strict egress filtering) to limit the impact of a potential compromise.
• Implement a Web Application Firewall (WAF) with custom rules to detect and block code patterns associated with sandbox escape techniques.

Public Exploit Available: false

This is a high-severity vulnerability that exposes the organization to the risk of a full system compromise. The primary and most effective mitigation is to apply the vendor-provided security patches immediately. Although CVE-2026-0863 is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical impact necessitates an urgent response. Organizations must prioritize patching this vulnerability to prevent potential exploitation and protect critical systems and data.