SecurityWeek

Critical Vulnerability Exposes n8n Instances to Takeover Attacks

CVE-2026-21858, a critical n8n vulnerability, can be exploited for unauthenticated remote code execution, leading to instance ...

Max severity Ni8mare flaw impacts nearly 60,000 n8n instances

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." ...
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...

Cyera researchers detail critical ‘Ni8mare’ vulnerability allowing full takeover of n8n instances

Cyera researchers detail critical 'Ni8mare' vulnerability allowing full takeover of n8n instances - SiliconANGLE ...
CSO Online

Malicious npm packages target the n8n automation platform in a supply chain attack

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...
The Hacker News

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to ...