A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, ...

It's a lifesaver.

New flaw in n8n (CVE-2026-25049) allows unauthenticated users to run arbitrary commands on servers Vulnerability risks theft of secrets (API keys, OAuth tokens) and cross-tenant data exposure Patch ...

Researchers at Pillar Security have found two maximum severity vulnerabilities (CVSS score of 10.0) in n8n, a popular open-source workflow automation platform powering hundreds of thousands of ...

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. Two critical- and high-severity vulnerabilities in the n8n AI workflow automation ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

Two serious security flaws affecting the n8n workflow automation platform have exposed weaknesses in the product’s sandboxing mechanisms for JavaScript and Python code. The vulnerabilities, disclosed ...

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." n8n is an open-source workflow automation platform that allows users to connect ...

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth ...

A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn't even require logging in. The ...

CVE-2025-68668 in n8n’s Python Code Node enables arbitrary system command execution Attackers with workflow permissions can bypass Pyodide sandbox, risking malware, data theft, and system compromise ...

A critical-severity vulnerability in the n8n workflow automation platform allows attackers to take over vulnerable instances, data security firm Cyera warns. N8n has over 100 million Docker pulls, ...