Bug Bounty And Vuln HuntingVulnerability

n8n sandbox bypass remote code execution

April 4, 2026Qualys

Qualys reports a critical n8n vulnerability (CVE-2026-33660) where authenticated attackers can bypass sandboxing and execute arbitrary commands, a major risk for automation workflows that often run with broad integrations.

Open in PulseSee the full expert discussion →

QUOTES

A critical remote code execution vulnerability has been identified in n8n, the popular open-source workflow automation tool.

Tracked as CVE-2026-33660 with a CVSS score of 9.4, this flaw allows authenticated attackers to bypass sandboxing and execute arbitrary commands

VOICES

Qualys

RELATED TERMS

cveworkflow automationrcecveopen sourcecode execution

OTHER FINDINGS IN BUG BOUNTY AND VULN HUNTING

Axios npm supply chain attack delivering cross platform rat via compromised maintainer OpenClaw privilege escalation via pair approve command DarkSword/Coruna iOS exploit kits expanding beyond nation-state use

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security