Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...

The open-source platform is widely used across enterprise environments, leaving thousands of instances at risk.

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...

A critical CVSS 10.0 vulnerability in n8n allows unauthenticated attackers to read files, bypass authentication, and gain ...

CVE-2026-21858, a critical n8n vulnerability, can be exploited for unauthenticated remote code execution, leading to instance ...

Cyera researchers detail critical 'Ni8mare' vulnerability allowing full takeover of n8n instances - SiliconANGLE ...

A compromised n8n instance doesn’t just mean losing one system — it means handing attackers the keys to everything,’ security ...

A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers ...

The vulnerability was fixed in n8n version 1.111.0, with the addition of a task-runner-based native Python implementation ...

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally ...

Unauthenticated RCE means anyone on the network can seize full control A maximum-severity bug in the popular automation ...