Six extra vulnerabilities have been found within the n8n workflow platform used for constructing LLM-powered brokers to attach enterprise processes. 4 of the six are rated as essential, carrying CVSS severity scores of 9.4.
“These vulnerabilities span a number of assault courses, from distant code execution and command injection to arbitrary file entry and cross-site scripting, all focusing on a platform that’s incessantly deployed with entry to secrets and techniques, credentials, inner APIs, and business-critical logic,” famous Amit Genkin, a safety researchers at Israel-based cloud safety supplier Upwind, who blogged concerning the vulnerabilities this week.
Johannes Ullrich, dean of analysis on the SANS Institute, stated the vulnerabilities have an effect on how n8n sandboxes the processes created by completely different customers, and the way the host is protected against customers with entry to n8n.
