> TritonInfoSec News
Home / Mar 12, 2026 / Story
0
#9 The Hacker News general March 11, 2026 at 14:51 UTC

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

By [email protected] (The Hacker News)

AI Summary

Two critical n8n workflow automation platform vulnerabilities were disclosed: CVE-2026-27577 (CVSS 9.4) enabling expression sandbox escape for RCE, and CVE-2026-27493 (CVSS 9.5) allowing unauthenticated credential exposure. These flaws could result in arbitrary command execution and stored credential theft.

Read full article → https://thehackernews.com/2026/03/critical-n8n-fla…

Relevance score: 78.0/100

# More from March 12

  1. 1
    CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed The Hacker News
  2. 2
    Medical device giant Stryker confirms cyberattack as employees say devices were wiped The Record
  3. 3
    14,000 routers are infected by malware that's highly resistant to takedowns Ars Technica Security
  4. 4
    Xygeni GitHub Action Compromised Via Tag Poison Dark Reading
  5. 5
    New PhantomRaven NPM attack wave steals dev data via 88 packages BleepingComputer
  6. 6
    SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites BleepingComputer
  7. 7
    Medtech giant Stryker offline after Iran-linked wiper malware attack BleepingComputer
  8. 8
    Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days The Hacker News
  9. 10
    UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours The Hacker News