Summary
n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.
Take Action:
If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.
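The check described above, as an added example that is not code from n8n or BeyondMachines: it reports whether an instance is on a fixed release and, if not, whether NODES_EXCLUDE covers both nodes. The node type names `n8n-nodes-base.merge` and `n8n-nodes-base.xml` and the version-line comparison rule are assumptions, not taken from the advisory.

```javascript
// Fixed releases named in the advisory, one per release line.
const FIXED = ["1.123.27", "2.13.3", "2.14.1"].map((v) => parseVersion(v));
// Assumption: n8n's internal type names for the Merge and XML nodes.
const RISKY_NODES = ["n8n-nodes-base.merge", "n8n-nodes-base.xml"];

function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Assumption (not stated on the page): a build counts as fixed when it is at
// or above the fix on its own major.minor line; otherwise at or above the
// newest fix in its major version, or the newest fix overall.
function isPatched(version) {
  const v = parseVersion(version);
  const newest = (list) => list.reduce((a, b) => (cmp(a, b) >= 0 ? a : b));
  const sameLine = FIXED.filter((f) => f[0] === v[0] && f[1] === v[1]);
  if (sameLine.length) return cmp(v, sameLine[0]) >= 0;
  const sameMajor = FIXED.filter((f) => f[0] === v[0]);
  return cmp(v, newest(sameMajor.length ? sameMajor : FIXED)) >= 0;
}

// NODES_EXCLUDE holds a JSON array of node type names; return the risky
// nodes it does not cover. Unset or malformed values cover nothing.
function missingExclusions(nodesExclude) {
  let excluded = [];
  try {
    const parsed = JSON.parse(nodesExclude ?? "[]");
    if (Array.isArray(parsed)) excluded = parsed;
  } catch { /* malformed JSON: treat as no exclusions */ }
  return RISKY_NODES.filter((n) => !excluded.includes(n));
}

function audit(version, nodesExclude) {
  if (isPatched(version)) return "patched";
  const missing = missingExclusions(nodesExclude);
  return missing.length
    ? `exposed: exclude ${missing.join(", ")}`
    : "mitigated: nodes excluded, still update";
}

// Constructed sample: unpatched 2.14.0 instance with only the XML node excluded.
console.log(audit("2.14.0", '["n8n-nodes-base.xml"]'));
```

The script does not check who holds workflow creation permissions; that part of the interim mitigation has to be reviewed in the instance's user settings.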
This article was originally published on BeyondMachines