Four of the holes, which allow remote code execution and command injection, are rated as critical.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Six new vulnerabilities have been discovered in the n8n workflow automation platform, with four rated as critical (CVSS 9.4). The flaws enable remote code execution, command injection, arbitrary file access, and cross-site scripting attacks. These vulnerabilities affect how n8n sandboxes user processes and are particularly concerning for multi-user deployments with access to credentials and internal APIs. This follows recent discoveries of other critical n8n vulnerabilities and malicious npm packages targeting the platform. Users should update to the latest version immediately.

Six more vulnerabilities found in n8n automation platform