Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4.
“These vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all targeting a platform that is frequently deployed with access to secrets, credentials, internal APIs, and business-critical logic,” noted Amit Genkin, a security researcher at Israel-based cloud security provider Upwind, who blogged about the vulnerabilities this week.
Johannes Ullrich, dean of research at the SANS Institute, said the vulnerabilities affect how n8n sandboxes the processes created by different users, and how the host is protected from users with access to n8n.
