n8n vulnerabilities found - tl;dr: upgrade now
n8n critical vulnerabilities — update NOW
Multiple critical flaws (CVSS 9.9–10.0) with public exploits are being actively scanned. One requires zero authentication — just a crafted webhook request gives attackers access to your stored credentials and full server control.
Fix:
  1. Update to n8n 1.123.17 or 2.5.2
  2. Rotate your N8N_ENCRYPTION_KEY
  3. Rotate ALL stored credentials (API keys, OAuth tokens, everything)
  4. Review workflows for expressions you didn't create
  5. Stop exposing n8n directly to the internet
Your n8n instance holds every API key and token your automations touch. One compromise = keys to everything.
Don't wait on this.
Cheers
Kawika Ohumukini
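A triage helper for steps 1 and 4 of the fix list, added here as an example and not part of the original post. It assumes each version named in the post is the minimum fixed release of its major line, and that an exported workflow JSON keeps its nodes under `nodes[].parameters` with expression values stored as strings beginning with `=`; the function names and the sample workflow are constructed for illustration.

```python
import json

# Fixed releases named in the post, keyed by major version. Treating each as the
# minimum safe release of its line is an assumption of this example.
FIXED = {1: (1, 123, 17), 2: (2, 5, 2)}

def is_patched(version: str) -> bool:
    """True only if `version` is at or above the fixed release of its major line."""
    try:
        parts = tuple(int(p) for p in version.strip().lstrip("v").split("-")[0].split("."))
    except ValueError:
        return False  # unparseable version string: treat as not verified
    floor = FIXED.get(parts[0]) if len(parts) == 3 else None
    return floor is not None and parts >= floor  # unknown major: not verified

def find_expressions(value, path=""):
    """Yield (path, text) for every expression string inside a parameters tree."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from find_expressions(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from find_expressions(child, f"{path}[{i}]")
    elif isinstance(value, str) and value.startswith("="):
        yield path, value  # assumed marker: expression values start with "="

def inventory(workflow: dict):
    """List (node name, parameter path, expression) for one exported workflow."""
    return [(node.get("name", "?"), path, text)
            for node in workflow.get("nodes", [])
            for path, text in find_expressions(node.get("parameters", {}))]

# Constructed sample export, not taken from a real instance.
SAMPLE = json.loads("""
{"name": "constructed sample",
 "nodes": [
  {"name": "Webhook", "type": "n8n-nodes-base.webhook",
   "parameters": {"path": "orders", "httpMethod": "POST"}},
  {"name": "Set", "type": "n8n-nodes-base.set",
   "parameters": {"values": {"string": [
      {"name": "customer", "value": "={{ $json.body.customer }}"}]}}}
 ]}
""")

if __name__ == "__main__":
    for version in ("1.123.16", "2.5.2"):
        print(version, "patched" if is_patched(version) else "UPGRADE")
    for node, path, text in inventory(SAMPLE):
        print(f"{node}: {path}: {text}")
```

Run `inventory` over each exported workflow and compare the output with what you expect to have authored; any expression you cannot account for is a candidate for the review in step 4.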