Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.

Pillar Security discovers two critical vulnerabilities (CVSS 10.0) in popular workflow automation platform affecting hundreds of thousands of deployments – enabling attackers to decrypt stored ...

Researchers at Pillar Security have found two maximum severity vulnerabilities (CVSS score of 10.0) in n8n, a popular open-source workflow automation platform powering hundreds of thousands of ...

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass affects internal‑mode deployments common in enterprise setups. Two critical ...

For the second time in less than a month, researchers have uncovered critical vulnerabilities in a key AI workflow automation system that many organizations have begun using to integrate LLMs into ...

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. Two critical- and high-severity vulnerabilities in the n8n AI workflow automation ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

Two serious security flaws affecting the n8n workflow automation platform have exposed weaknesses in the product’s sandboxing mechanisms for JavaScript and Python code. The vulnerabilities, disclosed ...

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. Shachar Menashe, ...

Nearly 60,000 n8n instances remain exposed to Ni8mare CVE-2026-21858 flaw Vulnerability allows unauthenticated remote server takeover; fixed in version 1.121.0 Shadowserver found most cases in US, ...

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes. The deceptive packages, disguised as ...