Critical n8n flaws discovered - here's how to stay safe

A previously published patch left a gaping hole that crooks will happily exploit.
The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
Infosecurity Magazine

Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
Bleeping Computer

Max severity Ni8mare flaw lets hackers hijack n8n servers

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. The security issue ...
CSOonline

Malicious npm packages target the n8n automation platform in a supply chain attack

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes. The deceptive packages, disguised as ...