The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.
GIGAZINE

A vulnerability was discovered in the workflow automation tool 'n8n' that allows attackers to execute remote code without authentication

A research team at data security platform Cyera has discovered a critical vulnerability in n8n, a no-code workflow automation tool, called ' Ni8mare ( CVE-2026-21858), ' which allows remote code ...

Automation tool n8n: Updates patch code injection flaws

In the automation tool n8n, eleven security vulnerabilities have been discovered. Three of these are considered critical risks. Admins should update quickly.
Bleeping Computer

Max severity Ni8mare flaw lets hackers hijack n8n servers

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. The security issue ...
Infosecurity-magazine.com

Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers

Security experts have warned of a critical new vulnerability in popular AI workflow automation platform n8n that could enable adversaries to take over locally deployed instances and compromise ...