#auth

### Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. ### Patches In n8n version 1.111.0, a task-runner-based native Python implementation was introduced as an optional feature, providing a more secure isolation model. To enable it, you need to configure the `N8N_RUNNERS_ENABLED` and `N8N_NATIVE_PYTHON_RUNNER` environment variables. This implementation became the default starting with n8n version 2.0.0. ### Workarounds - Disable the Code Node by setting the environment variable `NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]"` ([Docs)](https://docs.n8n.io/hosting/securing/blocking-nodes/) - Disable Python support in the Code node by setting the environment variable `N8N_PYTHON_ENABLED=false`, which was introduced in n8n version 1.104.0. - Config...

### Summary A stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced in version 1.103.0. This behavior can enable a malicious actor with workflow creation permissions to execute arbitrary JavaScript in the context of the n8n editor interface. While session cookies (`n8n-auth`) are marked `HttpOnly` and cannot be directly exfiltrated, the vulnerability can facilitate Cross-Site Request Forgery (CSRF)-like actions from within the user’s authenticated session, potentially allowing: - Unauthorized reading of sensitive workflow data or execution history. - Unauthorized modification or deletion of workflows. - Insertion of malicious workflow logic or external data exfiltration steps. n8n instances that allow untrusted users to create workflows are particular...

Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data.

Gitea before 1.25.2 mishandles authorization for deletion of releases.

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use. This week’s findings show a pattern: precision, patience, and persuasion. The

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code

Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable payday.  But in 2025, the data breaches that affected small and medium-sized businesses (SMBs) challenged our perceived wisdom about exactly which types of businesses cybercriminals are targeting.

Big AI companies courted controversy by scraping wide swaths of the public internet. With the rise of AI agents, the next data grab is far more private.

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to.