All news with #n8n tag

🔐 This week's recap highlights how small oversights and automation conveniences have become widespread attack vectors, enabling rapid, large-scale compromise. Key incidents include a maximum-severity RCE in n8n (Ni8mare, CVE-2026-21858) affecting self-hosted instances, the 2M-device Kimwolf Android botnet, and malicious Chrome extensions that exfiltrated AI conversations. The report catalogs numerous trending CVEs and active campaigns, emphasizing that familiar tools and exposed services are the biggest risks today.

🔐 Endor Labs discovered malicious npm packages this week that impersonated community nodes for the n8n workflow automation platform, harvesting OAuth tokens and API keys when installed. The deceptive packages presented legitimate-looking configuration screens while executing code to decrypt credentials from n8n’s credential store and exfiltrate them to attacker-controlled C2 servers. Because n8n treats installed nodes as trusted code with full access to the workflow environment, these packages bypass typical supply-chain monitoring and can perform arbitrary network requests and host interactions. Endor recommends preferring built-in integrations, auditing package source and metadata, monitoring outbound traffic from automation hosts, and using isolated, least-privilege service accounts.

⚠️ Security researchers at Cyera disclosed a critical vulnerability dubbed Ni8mare in the workflow automation platform n8n, enabling remote code execution and potential full environment compromise. The flaw, tracked as CVE-2026-21858, carries a CVSS score of 10.0 and impacts roughly 100,000 servers. The root cause is a Content-Type confusion in webhook processing that lets attackers overwrite internal variables, read arbitrary files and inject malicious payloads. n8n released a patched build (1.121.0); administrators should upgrade immediately and rotate any exposed credentials and tokens.

🔴 Security researchers disclosed a critical vulnerability in the AI workflow automation platform n8n—dubbed “Ni8mare” (CVE-2026-21858)—with a CVSS score of 10.0 that allows remote, unauthenticated attackers to read files and potentially achieve code execution on local instances. The flaw arises from improper webhook parsing of the Content-Type header, letting adversaries control file metadata and local file paths. n8n has issued a patch; users should upgrade to 1.121.0 or later as there are no official workarounds.

⚠️ Researchers at Cyera disclosed a critical vulnerability in n8n (CVE-2026-21858) that allows unauthenticated attackers to read arbitrary local files via content-type parsing confusion and then recreate session cookies to assume any user’s identity. Exploitation can yield administrator privileges and remote code execution through the Execute Command node. The bug was patched in version 1.121.0 on Nov. 18; administrators should update immediately.

⚠️ A maximum-severity vulnerability (CVE-2026-21858, 10/10) lets unauthenticated remote attackers fully compromise self-hosted n8n instances by exploiting a content-type parsing flaw in webhook/form handling. Cyera reports more than 100,000 vulnerable servers. The bug allows attackers to control file metadata in req.body.files, enabling arbitrary file reads, secret exfiltration, session forgery and potential command execution. n8n recommends updating to 1.121.0 and restricting public webhook endpoints.

⚠️ A maximum-severity flaw, CVE-2026-21858 (Ni8mare), in n8n allows unauthenticated remote attackers to read local files, forge administrator sessions, and achieve remote code execution by exploiting a Content-Type parsing confusion that can override req.body.files. The bug affects releases up to and including 1.65.0 and was fixed in 1.121.0 (released November 18, 2025). Operators should upgrade immediately, avoid exposing n8n publicly, and restrict or disable public webhooks and form endpoints until patched.

🔒 n8n has warned of a maximum-severity remote code execution flaw, CVE-2026-21877, rated 10.0 under CVSS. Under certain conditions an authenticated user may cause untrusted code to be executed by the service, potentially allowing full compromise of affected instances. Both self-hosted and n8n Cloud deployments running versions >= 0.123.0 and < 1.121.3 are impacted; the issue is fixed in 1.121.3 (released November 2025). Administrators should upgrade immediately or, if that is not possible, disable the Git node and restrict access for untrusted users.

⚠️ A critical sandbox bypass, CVE-2025-68668 (CVSS 9.9), has been disclosed in n8n, allowing an authenticated user with workflow create/modify permissions to execute arbitrary OS commands on the host running n8n. The flaw resides in the Python Code Node that uses Pyodide and affects n8n versions 1.0.0 up to, but not including, 2.0.0. The issue is resolved in n8n 2.0.0, which makes the task-runner native Python implementation the default. Short-term mitigations include disabling the Code Node, disabling Python in the Code Node, or enabling the task-runner Python sandbox via environment variables.

🔴 A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613, CVSS 9.9) allows expressions supplied by authenticated users to be evaluated in an execution context that is not sufficiently isolated from the runtime. An attacker able to create or edit workflows could abuse this behavior to execute arbitrary code with the privileges of the n8n process, risking full instance compromise, data exposure, and workflow tampering. The flaw affects versions from 0.211.0 up to, but not including, 1.120.4 and has been patched in 1.120.4, 1.121.1, and 1.122.0; apply these updates or restrict workflow editing and harden deployments.

🚀 Deploy the official n8n Docker image to Cloud Run in minutes to run scalable, serverless AI workflows. Cloud Run scales from zero and persists data in Cloud SQL while you only pay for active usage. The post shows how to call Gemini as the agent LLM and optionally connect workflows to Google Workspace via OAuth for Gmail, Calendar, and Drive. For production, follow the n8n docs to add Secrets Manager, Cloud SQL, and Terraform-based deployment.