CISA orders feds to patch n8n RCE flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability.
The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, ...
Bleeping Computer

Critical n8n flaws disclosed along with public exploits

Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.
Morningstar

Pillar Security Discovered Critical Flaw in n8n Exposing Hundreds of Thousands of Enterprise AI Systems to Complete Takeover

Pillar Security discovers two critical vulnerabilities (CVSS 10.0) in popular workflow automation platform affecting hundreds of thousands of deployments – enabling attackers to decrypt stored ...
Infosecurity-magazine.com

Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

Researchers at Pillar Security have found two maximum severity vulnerabilities (CVSS score of 10.0) in n8n, a popular open-source workflow automation platform powering hundreds of thousands of ...
Dark Reading

Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

For the second time in less than a month, researchers have uncovered critical vulnerabilities in a key AI workflow automation system that many organizations have begun using to integrate LLMs into ...
Infosecurity-magazine.com

Critical and High Severity n8n Sandbox Flaws Allow RCE

Two serious security flaws affecting the n8n workflow automation platform have exposed weaknesses in the product’s sandboxing mechanisms for JavaScript and Python code. The vulnerabilities, disclosed ...
Hosted on MSN

Thousands of n8n instances under threat from top security issue

Nearly 60,000 n8n instances remain exposed to Ni8mare CVE-2026-21858 flaw Vulnerability allows unauthenticated remote server takeover; fixed in version 1.121.0 Shadowserver found most cases in US, ...
CSOonline

Malicious npm packages target the n8n automation platform in a supply chain attack

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes. The deceptive packages, disguised as ...
blockchain

How to Generate Product UGC Videos with AI and n8n: Step-by-Step Tutorial for 2026

According to God of Prompt on Twitter, businesses can streamline the creation of product user-generated content (UGC) videos by integrating AI video generation tools with the n8n automation platform.
SecurityWeek

Critical Vulnerability Exposes N8n Instances to Takeover Attacks

A critical-severity vulnerability in the n8n workflow automation platform allows attackers to take over vulnerable instances, data security firm Cyera warns. N8n has over 100 million Docker pulls, ...
CSOonline

Critical RCE flaw allows full takeover of n8n AI workflow platform

‘A compromised n8n instance doesn’t just mean losing one system — it means handing attackers the keys to everything,’ security researchers wrote of the 10.0 severity vulnerability. Researchers have ...