Six extra vulnerabilities have been found within the n8n workflow platform used for constructing LLM-powered brokers to attach enterprise processes. 4 of the six are rated as important, carrying CVSS severity scores of 9.4.
“These vulnerabilities span a number of assault courses, from distant code execution and command injection to arbitrary file entry and cross-site scripting, all focusing on a platform that’s often deployed with entry to secrets and techniques, credentials, inner APIs, and business-critical logic,” famous Amit Genkin, a security researchers at Israel-based cloud security supplier Upwind, who blogged concerning the vulnerabilities this week.
Johannes Ullrich, dean of analysis on the SANS Institute, mentioned the vulnerabilities have an effect on how n8n sandboxes the processes created by completely different customers, and the way the host is protected against customers with entry to n8n.
