Summary
n8n patched four critical vulnerabilities, including an unauthenticated expression injection and multiple sandbox escapes, that allow attackers to execute arbitrary code and decrypt stored credentials like AWS keys and API tokens.
Take Action:
Update your n8n instances ASAP to prevent attackers from using public forms to steal your encrypted cloud credentials and take over your server. If you can't patch, disable the Form and Merge nodes and restrict workflow access to only your most trusted users.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines