N8Scape (Pyodide sandbox escape): 9.9 Critical Post-Auth RCE in n8n (CVE-2025-68668)
ID: a481df42-8c7f-5310-9608-8c303fde9840
STIX ID: report--a481df42-8c7f-5310-9608-8c303fde9840
Feed Name: Cyera Research Labs
Cyera Research Labs disclosed CVE-2025-68668, a critical (CVSS 9.9) sandbox-escape vulnerability in n8n's Pyodide-backed Python Code node. It allows low-privileged users to achieve post-auth RCE via ctypes and _pyodide._base.eval_code, enabling credential theft, privilege escalation to admin, and organization-wide compromise. Recommended mitigations include disabling Python execution or upgrading to a runner-based (process-isolated) model. The vendor patched the deprecated Pyodide mode.
