N8n

2026-04-12
Self-Hosted and Unprotected: The AI Workflow Tool Security Crisis
Langflow, Flowise, n8n, ComfyUI — every major self-hosted AI workflow tool has shipped unauthenticated RCE vulnerabilities in 2026. This isn't a coincidence. It's a structural failure baked into how these tools were designed.
ai-infrastructure vulnerability rce langflow flowise n8n comfyui mcp self-hosted credential-theft
Vulnerabilities 2026-04-04
Ni8mare: CVSS 10.0 Unauthenticated RCE in n8n Workflow Automation (CVE-2026-21858)
A CVSS 10.0 content-type confusion bug in n8n's webhook handler lets unauthenticated attackers read arbitrary files, steal credentials, forge admin sessions, and achieve full RCE. Patch to 1.121.0 immediately.
CVE RCE n8n workflow-automation webhook unauthenticated CVSS-10

Self-Hosted and Unprotected: The AI Workflow Tool Security Crisis