9 articles tagged with "N8n"
CVE-2026-33660 (CVSS 9.4) lets authenticated users escape n8n's AlaSQL sandbox via the Merge node. Over 615,000 public instances potentially vulnerable.
n8n patches CVE-2026-27577, CVE-2026-27493, and two more sandbox escapes. One flaw allows unauthenticated attackers to execute commands via public form endpoints.
CVE-2025-68613 allows authenticated attackers to execute arbitrary code on n8n workflow servers. CISA gives federal agencies until March 25 to patch.
New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.
CVE-2026-25049 bypasses n8n's previous sandbox fix to enable system command execution. Four additional vulnerabilities disclosed simultaneously.
JFrog discloses CVE-2026-1470 and CVE-2026-0863 in workflow automation platform. Both vulnerabilities enable authenticated remote code execution.
CVE-2025-68668 bypasses Python code restrictions in workflow automation platform. CVSS 9.9 flaw affects versions 1.0.0 through 1.x.
CVE-2026-21858 scores CVSS 10.0 and requires no credentials to exploit. Attackers can read files, forge admin sessions, and execute commands.
CVE-2025-68613 in the workflow automation platform scores CVSS 9.9 with public PoC code now available. Patch to version 1.122.0 immediately.