Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Summary
Two critical vulnerabilities have been disclosed in the n8n workflow automation platform, allowing remote code execution and exposure of stored credentials. One flaw enables arbitrary command execution via an expression sandbox escape; the other allows unauthenticated access, though the provided text gives no further details on it.
IFF Assessment
The discovery of critical vulnerabilities that allow for remote code execution and credential exposure poses a significant threat to organizations using the n8n platform.
Severity
Defender Context
Defenders need to patch their n8n instances immediately to mitigate the risks of remote code execution and unauthorized access. The disclosure highlights the importance of regularly reviewing and securing workflow automation tools, as they can become attractive targets for attackers.