The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.
TechRadar

A critical n8n flaw has been discovered - here's how to stay safe

CVE-2025-68668 in n8n’s Python Code Node enables arbitrary system command execution Attackers with workflow permissions can bypass Pyodide sandbox, risking malware, data theft, and system compromise ...
Bleeping Computer

Max severity Ni8mare flaw lets hackers hijack n8n servers

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. The security issue ...