< ciso brief />

All news with #n8n tag

31 articles

Scan Finds Widespread Exposed AI Services and Risks

🔍 Intruder scanned over 1 million exposed AI services and found pervasive, critical misconfigurations and insecure defaults. Many deployments were reachable with no authentication, exposing chat histories, API keys, and management consoles. Exposed agent platforms (including n8n and Flowise) and thousands of Ollama APIs responded without auth, some wrapping paid frontier models. The findings highlight insecure-by-design defaults, hardcoded credentials, and real risks of code execution, data exfiltration, and abuse.
read more →

Q1 2026 Vulnerability Pulse: Trends and Highlights

🔍 Cisco Talos’ Q1 2026 vulnerability pulse shows the overall count of Known Exploited Vulnerabilities (KEVs) holding steady, while networking equipment accounted for roughly 20% of KEV entries and may rise further. Total CVE disclosures climbed in Q1, with March the steepest month, and Talos flagged 121 CVEs with AI relevance. The report stresses persistent patch-management gaps, growing software supply chain compromises, and a surge in abuse of the n8n automation platform, in which exposed webhooks are weaponized to deliver malware and fingerprint devices.
read more →

Threat Actors Abusing n8n Webhooks Since Oct 2025 Alert

⚠️ Cisco Talos researchers report that threat actors have abused n8n managed cloud webhooks since October 2025 to deliver malicious payloads and fingerprint devices via email. Attackers embed URLs hosted under the shared *.app.n8n.cloud domain so that the HTML returned by the webhook executes in recipients' browsers, sometimes presenting a CAPTCHA that triggers a JavaScript-initiated download. Observed campaigns delivered modified RMM installers for persistence and used invisible tracking pixels to confirm opens, with message volume jumping sharply by March 2026.
read more →

n8n Abuse: Threat Actors Weaponize AI Workflow Platforms

⚠️ Cisco Talos details how attackers are misusing the AI workflow automation platform n8n to run sophisticated phishing and malware campaigns. Between October 2025 and March 2026, researchers observed a sharp increase in emails containing n8n webhook URLs that serve dynamic HTML payloads and CAPTCHA-protected bait to initiate downloads. These flows mask malicious payloads behind trusted domains and have been used to deploy modified RMM tools and to fingerprint recipients. Talos urges behavioral detection, IOC sharing, and AI-enhanced email defenses to mitigate this abuse.
read more →
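The two Talos items above describe the same lure shape: a clickable n8n Cloud trigger URL plus a 1x1 image that calls a webhook when the mail is opened. The following is an added mail-filter example written for this page, not Talos' detection logic or n8n code. It assumes n8n Cloud workspaces are served from <workspace>.app.n8n.cloud and expose triggers under /webhook, /webhook-test and /form (the path list, the allowlist mechanism and the verdict thresholds are this example's assumptions); the three messages are constructed, not real campaign samples.

```python
import re
from dataclasses import dataclass

# Assumed URL shape: <workspace>.app.n8n.cloud with trigger paths /webhook,
# /webhook-test and /form. The page only states that abuse rode *.app.n8n.cloud;
# the path list is this example's assumption, so extend it for your tenant.
N8N_CLOUD_URL = re.compile(
    r"https?://(?P<workspace>[a-z0-9-]+)\.app\.n8n\.cloud"
    r"/(?P<kind>webhook-test|webhook|form)(?:/[^\s\"'<>]*)?",
    re.IGNORECASE,
)
IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
# 1x1 or hidden images are the open-tracking pattern Talos observed.
TINY_IMG = re.compile(
    r"""(?:width|height)\s*=\s*["']?0*1(?!\d)["']?|display\s*:\s*none""",
    re.IGNORECASE,
)


@dataclass
class Finding:
    workspace: str
    kind: str            # webhook | webhook-test | form
    url: str
    tracking_pixel: bool = False


def find_n8n_urls(body: str) -> list[Finding]:
    """Return every n8n Cloud trigger URL in a raw email body (text or HTML)."""
    pixel_urls = set()
    for tag in IMG_TAG.findall(body):
        m = N8N_CLOUD_URL.search(tag)
        if m and TINY_IMG.search(tag):
            pixel_urls.add(m.group(0))
    return [
        Finding(m.group("workspace").lower(), m.group("kind").lower(), m.group(0),
                tracking_pixel=m.group(0) in pixel_urls)
        for m in N8N_CLOUD_URL.finditer(body)
    ]


def score_email(body: str, allowlisted_workspaces: frozenset[str] = frozenset()) -> dict:
    """Verdict: 'allow' (no n8n trigger URLs), 'review' (only allowlisted
    workspaces, e.g. your own automations), or 'suspicious' (unknown workspace)."""
    findings = find_n8n_urls(body)
    unknown = [f for f in findings if f.workspace not in allowlisted_workspaces]
    reasons = []
    if any(f.tracking_pixel for f in unknown):
        reasons.append("hidden image loads an n8n webhook (open tracking)")
    if any(not f.tracking_pixel for f in unknown):
        reasons.append("link to an n8n trigger endpoint on an unknown workspace")
    verdict = "allow" if not findings else ("review" if not unknown else "suspicious")
    return {"verdict": verdict, "reasons": reasons,
            "workspaces": sorted({f.workspace for f in findings})}


# Constructed sample messages (not real campaign data).
BENIGN = "Hi team, the Q2 report is attached. Slides: https://docs.example.com/q2"

PHISH = """<html><body>
<p>Your mailbox is full. <a href="https://acme-it-helpdesk.app.n8n.cloud/webhook/verify-account">Verify now</a></p>
<img src="https://acme-it-helpdesk.app.n8n.cloud/webhook/open?id=42" width="1" height="1">
</body></html>"""

INTERNAL = "Ticket created. Update status: https://ops-team.app.n8n.cloud/form/ticket-update"

if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("phish", PHISH), ("internal", INTERNAL)]:
        print(name, score_email(body, frozenset({"ops-team"})))
```

The allowlist matters in practice: organisations that run their own n8n Cloud workspace will legitimately send these URLs, so the rule keys on the workspace label rather than on the domain alone.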

Critical Zero-Click n8n Flaws Allow Full Server Takeover

⚠️ Researchers at Pillar Security disclosed two critical vulnerabilities in both self-hosted and cloud n8n deployments that can yield complete server compromise without any user interaction. The most severe, CVE-2026-27493, is an unauthenticated zero-click flaw in Form nodes that enables expression injection through public form endpoints; CVE-2026-27577 is a sandbox escape in the expression compiler enabling remote code execution. n8n issued patches and automated cloud mitigations; self-hosted users should upgrade to the recommended versions and rotate all stored credentials if a vulnerable workflow was exposed.
read more →

CISA Adds Critical n8n RCE to KEV Catalog (CVE-2025-68613)

⚠️ n8n's critical expression-injection flaw, tracked as CVE-2025-68613 (CVSS 9.9), has been added to CISA's Known Exploited Vulnerabilities catalog following evidence of active exploitation. The issue allows an authenticated attacker to achieve remote code execution through the workflow expression evaluation system, risking full instance compromise. n8n issued fixes in December 2025 (1.120.4, 1.121.1, 1.122.0), but thousands of instances remain exposed online.
read more →

CISA Orders Federal Patch for n8n RCE Vulnerability

🔔 CISA has ordered federal agencies to patch an actively exploited remote code execution flaw in n8n, tracked as CVE-2025-68613, which permits authenticated attackers to run arbitrary code with the n8n process's privileges. The n8n team released n8n v1.122.0 in December to address the issue and urges immediate upgrades; temporary mitigations include restricting workflow creation/editing, limiting OS privileges, and reducing network access. Shadowserver reports over 40,000 exposed instances globally, prompting a March 25 remediation deadline for federal civilian agencies under BOD 22-01.
read more →

Critical n8n Vulnerabilities Allow Remote Code Execution

⚠️ Cybersecurity researchers disclosed multiple critical vulnerabilities in the n8n workflow automation platform that can lead to remote code execution and the exposure of stored credentials. The principal issues include an expression sandbox escape (CVE-2026-27577) and an unauthenticated Form-node expression injection (CVE-2026-27493). n8n has released fixes in 1.123.22, 2.9.3 and 2.10.1 and recommends immediate patching; short-term mitigations and node exclusions are available for users who cannot upgrade immediately.
read more →

CISA Adds n8n Vulnerability to KEV Catalog, Advises Fix

⚠️ CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation involving n8n. The issue is classified as an Improper Control of Dynamically-Managed Code Resources vulnerability and poses elevated risk to enterprise environments. CISA reminds Federal Civilian Executive Branch agencies that BOD 22-01 mandates remediation of KEV entries and strongly urges all organizations to prioritize timely patching and mitigation to reduce exposure.
read more →

n8n OAuth misconfig allows stored XSS, credential risk

⚠️ Researchers at Imperva disclosed a configuration weakness in the OAuth credential handling of n8n that fails to sanitize the authorization URL, enabling a stored XSS payload to be saved in the application database. An attacker with access to a victim's n8n instance can replace a legitimate URL with malicious JavaScript that executes when other users interact with the same credential. Because the payload is persistent, it can expose multiple OAuth credentials and enable broader system compromise. The flaw was fixed in n8n v2.6.4 on February 6.
read more →

Critical vulnerabilities found in n8n automation platform

🔒 Security researchers at Upwind disclosed six vulnerabilities in n8n, four rated critical (CVSS 9.4), that enable remote code execution, command injection, arbitrary file access and cross-site scripting. The flaws lie in how n8n sandboxes user-supplied code and protects the host, making multi-user and shared deployments especially dangerous. Administrators and developers should update to the latest release, audit extensions, and treat web-exposed instances with heightened caution.
read more →

Critical n8n Expression-Sandbox Bypass Enables RCE

⚠️ A critical vulnerability (CVE-2026-25049, CVSS 9.4) in the n8n workflow automation platform can allow authenticated users with workflow edit rights to execute arbitrary system commands by abusing expression evaluation. The flaw bypasses the earlier fixes for CVE-2025-68613 and can be triggered by crafted expressions, including a single-line JavaScript destructuring payload, that escape the expression sandbox. Affected releases are <1.123.17 (fixed in 1.123.17) and <2.5.2 (fixed in 2.5.2). Operators should apply the updates immediately or, if patching is not possible, restrict workflow creation to trusted users and harden host and network privileges.
read more →

Critical n8n Vulnerabilities Allow Remote Code Execution

🔒 Multiple critical vulnerabilities in the open-source workflow platform n8n (tracked as CVE-2026-25049) allow any authenticated user who can create or edit workflows to escape sandboxing and execute arbitrary code on the host server. Independent researchers at Pillar Security, Endor Labs and SecureLayer7 identified sanitization and AST-sandboxing bypasses — including a type-confusion issue and Function-constructor exploits — enabling access to Node.js globals, the filesystem, credentials and connected cloud accounts. n8n released fixes (notably 2.4.0, later 2.5.2 and 1.123.17) and recommends immediate patching, rotating the N8N_ENCRYPTION_KEY and stored credentials, and limiting workflow creation until environments are hardened.
read more →

Two Critical Sandbox Escapes in n8n AI Lead to Full Takeover

🔒 Pillar Security identified two maximum-severity sandbox escape vulnerabilities in the n8n workflow automation platform that allow any authenticated user to gain full server control and exfiltrate stored credentials (API keys, cloud keys, database passwords and OAuth tokens) on both self-hosted and cloud instances. The first flaw was patched by n8n, but researchers found a bypass within 24 hours, prompting the vendor to release n8n v2.4.0 in January 2026. Immediate mitigation steps include upgrading to 2.4.0, rotating the n8n encryption key and all stored credentials, auditing workflows for suspicious expressions and monitoring AI-related outbound activity.
read more →
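Several of the advisories above (the CVE-2025-68613 / CVE-2026-25049 expression escapes and the Pillar Security write-up) end with the same advice: audit workflows for suspicious expressions and limit who can edit them. The script below is an added example for this page, not n8n's sanitizer and not code from any of the cited researchers. It walks an exported workflow JSON, pulls out every expression parameter (strings that start with "=" and contain "{{ }}") and every Code-node body, and flags tokens associated with the disclosed bug classes (Function constructor, prototype chain, Node.js globals). The node type names (n8n-nodes-base.webhook, n8n-nodes-base.formTrigger, n8n-nodes-base.code), the jsCode/pythonCode parameter names and the token list are this example's assumptions; verify them against your n8n version. The sample workflow is constructed.

```python
import json
import re
from typing import Any, Iterator

# Heuristic token list, this example's own, derived from the bug classes in the
# advisories (Function-constructor escapes, prototype chain, Node.js globals).
# It is not n8n's sanitizer and will miss obfuscated payloads; treat hits as leads.
SUSPICIOUS = re.compile(
    r"\b(?:constructor|Function|process|require|child_process|globalThis|"
    r"mainModule|__proto__|eval|import)\b"
    r"|\[\s*['\"](?:constructor|__proto__)['\"]\s*\]"
)
# Assumed n8n node type and parameter names; check them against your export.
PUBLIC_TRIGGERS = {"n8n-nodes-base.webhook", "n8n-nodes-base.formTrigger"}
CODE_PARAMS = {"jsCode", "pythonCode"}


def _walk(value: Any, path: str = "") -> Iterator[tuple[str, str]]:
    """Yield (json_path, string) for every string leaf under a parameters tree."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _walk(v, f"{path}[{i}]")
    elif isinstance(value, str):
        yield path, value


def public_entry_points(workflow: dict) -> list[str]:
    """Names of nodes reachable without an n8n login (webhook / form triggers)."""
    return [n.get("name", "?") for n in workflow.get("nodes", [])
            if n.get("type") in PUBLIC_TRIGGERS]


def audit_workflow(workflow: dict) -> list[dict]:
    """Flag expressions and code bodies that reference sandbox-escape primitives.
    An expression hit in a workflow with a public trigger is rated critical because
    the Form-node flaws above made such expressions reachable unauthenticated."""
    findings = []
    exposed = bool(public_entry_points(workflow))
    for node in workflow.get("nodes", []):
        for path, text in _walk(node.get("parameters", {})):
            leaf = path.rsplit(".", 1)[-1]
            is_expr = text.startswith("=") and "{{" in text
            is_code = leaf in CODE_PARAMS
            if not (is_expr or is_code):
                continue
            tokens = sorted(set(SUSPICIOUS.findall(text)))
            if tokens:
                findings.append({
                    "node": node.get("name"), "type": node.get("type"),
                    "parameter": path, "tokens": tokens,
                    "severity": "critical" if exposed and is_expr else "high",
                })
    return findings


# Constructed sample export (shape follows n8n workflow JSON as assumed above).
SAMPLE_WORKFLOW = json.loads("""
{
  "name": "Contact form intake",
  "nodes": [
    {"name": "Contact form", "type": "n8n-nodes-base.formTrigger",
     "parameters": {"formTitle": "Contact us",
                    "formFields": {"values": [{"fieldLabel": "Name"}]}}},
    {"name": "Build greeting", "type": "n8n-nodes-base.set",
     "parameters": {"assignments": {"assignments": [
        {"name": "greeting", "value": "=Hello {{ $json.Name }}"},
        {"name": "leak",     "value": "={{ $json.Name.constructor }}"}]}}},
    {"name": "Post-process", "type": "n8n-nodes-base.code",
     "parameters": {"jsCode": "const cp = require('child_process');\\nreturn $input.all();"}}
  ]
}
""")

if __name__ == "__main__":
    print("public entry points:", public_entry_points(SAMPLE_WORKFLOW))
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f)
```

Run it over the output of an n8n workflow export (or the rows of the workflow_entity table) before and after upgrading; any hit in a workflow that also has a public trigger is a reason to rotate the credentials that workflow can reach, as the advisories recommend.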

Critical RCE Bugs Allow n8n Sandbox Escapes, Patches

⚠️ Two critical sandbox escape vulnerabilities in n8n allow authenticated users to achieve remote code execution on affected instances. JFrog researchers reported that flaws in the JavaScript expression engine and the Python Code node can bypass sandboxing protections, exposing workflow engines to host-level compromise. The JavaScript issue stems from a missed edge case in AST-based sanitization when expressions are passed to a Function constructor; the Python escape affects the Internal execution mode. Both flaws carry high severity and have been patched; organizations should update to the specified releases and restrict who can create or edit workflows until upgrades are applied.
read more →

Critical n8n Sandbox Flaws Allow Remote Code Execution

⚠️ Two vulnerabilities in n8n sandboxing allow authenticated users to achieve remote code execution by bypassing the JavaScript and Python sandbox controls. JFrog Security Research disclosed CVE-2026-1470 (CVSS 9.9), affecting the JavaScript expression engine, and CVE-2026-0863 (CVSS 8.5), targeting Python execution in the Code node. Both stem from gaps in AST validation and require the ability to create or modify workflows; successful exploitation lets attackers read environment variables and run system-level commands. Users should upgrade immediately to the patched releases listed by the vendor.
read more →

Two High-Severity n8n Flaws Allow Remote Code Execution

⚠️ Researchers disclosed two high-severity eval-injection vulnerabilities in n8n that can bypass sandboxing and enable remote code execution. JFrog Security Research identified CVE-2026-1470 (JavaScript eval, CVSS 9.9) and CVE-2026-0863 (Python eval, CVSS 8.5), which can compromise instances even in internal execution mode. Users should update to the patched releases listed by the vendor without delay.
read more →

Critical RCE in n8n Forces Immediate Global Remediation

🚨 A critical remote code execution vulnerability, CVE-2026-21858 (CVSS 10.0), has been disclosed in n8n, allowing attackers to fully compromise locally deployed instances. Researchers estimate roughly 100,000 servers are affected and there are no official workarounds available. The n8n project has released a patched build; users must upgrade to n8n version 1.121.0 or later to remediate the issue. Administrators should prioritize patching and follow vendor advisories immediately.
read more →

n8n npm Packages Used in OAuth Credential Theft Campaign

🔒 Researchers found eight malicious npm packages impersonating n8n community nodes that were designed to steal developers' OAuth credentials. The packages mimicked legitimate integrations (for example, Google Ads), saved OAuth tokens into n8n's encrypted credential store, then used the instance's encryption key at runtime to decrypt and exfiltrate the tokens to attacker-controlled servers. Analysts urge disabling community nodes and auditing packages before installation.
read more →

Ni8mare: Critical n8n vulnerability impacts ~60,000 instances

⚠️ A maximum-severity flaw dubbed Ni8mare (CVE-2026-21858) affects n8n and can allow unauthenticated remote attackers to take control of local instances by exploiting improper input validation in Form Submission triggers. Researchers say the bug enables secret exfiltration, session forgery, file injection, and command execution. Administrators should upgrade to n8n 1.121.0 immediately or restrict public webhook/form endpoints as a temporary mitigation.
read more →