Researchers at Pillar Security have found two new critical vulnerabilities in self-hosted and cloud n8n deployments. N8n is a popular open-source workflow automation platform powering hundreds of ...

The bugs allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers. Two critical-severity vulnerabilities in n8n could have been exploited for ...

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass affects internal‑mode deployments common in enterprise setups. Two critical ...

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. Two critical- and high-severity vulnerabilities in the n8n AI workflow automation ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

Two serious security flaws affecting the n8n workflow automation platform have exposed weaknesses in the product’s sandboxing mechanisms for JavaScript and Python code. The vulnerabilities, disclosed ...

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." n8n is an open-source workflow automation platform that allows users to connect ...

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes. The deceptive packages, disguised as ...