CSOonline

Malicious npm packages target the n8n automation platform in a supply chain attack

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes. The deceptive packages, disguised as ...
Bleeping Computer

Max severity Ni8mare flaw lets hackers hijack n8n servers

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. The security issue ...
Infosecurity-magazine.com

Critical Zero-Click Flaw in n8n Allows Full Server Compromise

Researchers at Pillar Security have found two new critical vulnerabilities in self-hosted and cloud n8n deployments. N8n is a popular open-source workflow automation platform powering hundreds of ...
CSOonline

OAuth vulnerability in n8n automation platform could lead to system compromise

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered. Setting up OAuth allows n8n to connect ...