SecurityWeek

N8n Vulnerabilities Could Lead to Remote Code Execution

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
Infosecurity Magazine

Critical and High Severity n8n Sandbox Flaws Allow RCE

Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers ...
The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run ...
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth ...
MUO on MSN

This is the simplest way to self-host automations without breaking them

Build automations that will last a long time.
Bleeping Computer

Microsoft fixes Windows bug breaking localhost HTTP connections

Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. This bug affects both Windows 11 and Windows ...