Cybernews

When workflows go rogue: critical n8n vulnerability opens door to system commands

The flaw allows authenticated n8n users with workflow-creation or modification permissions to bypass the intended security sandbox.
The Hacker News

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

CVE-2026-21877, a critical authenticated RCE flaw with CVSS 10.0, fixed in version 1.121.3 after affecting earlier releases.
The Hacker News

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

A critical CVSS 10.0 vulnerability in n8n allows unauthenticated attackers to read files, bypass authentication, and gain ...