Critical vulnerability found in n8n workflow automation platform

Critical vulnerability found in n8n workflow automation platform

The open-source platform is widely used across enterprise environments, leaving thousands of instances at risk.

Over 100,000 Internet-Exposed n8n Instances Vulnerable to RCE Attacks

A critical remote code execution vulnerability has left over 100,000 n8n workflow automation instances exposed to potential cyberattacks. The Shadowserver Foundation disclosed that 105,753 vulnerable instances were identified on January 9, 2026, representing nearly half of all detected n8n deployments. Attribute Details CVE ID CVE-2026-21858 CVSS Score 10.0 (Critical) Vulnerability Type Remote Code Execution (RCE) […] The post Over 100,000 Inter…

N8n Supply Chain Attack Abuses Community Nodes To Steal OAuth Tokens - Cybernoz - Cybersecurity News

Jan 12, 2026Ravie LakshmananVulnerability / Workflow Automation Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers’ OAuth credentials. One such package, named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate…

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials. One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate form and then

Malicious npm packages target the n8n automation platform in a supply chain attack

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from enterprise workflows.