sounds about right.

Three critical vulnerabilities (all rated 9.9+) were discovered in n8n, a workflow automation platform. All three allow authenticated attackers to achieve remote code execution: one through improper control of dynamically managed code using constructor injection, another via sandbox bypass in the Python code node using Pyodide, and a third through unrestricted file upload in the git node. The core issue stems from the difficulty of properly sandboxing arbitrary code execution across multiple workflow nodes, especially when using blacklist-based rather than whitelist-based security approaches.