Pillar Security has disclosed two critical vulnerabilities (CVSS 10.0) in the popular open-source workflow automation platform n8n. The flaws allow any authenticated user to achieve complete server control, decrypt all stored credentials—including AI API keys and cloud secrets—and hijack agentic AI workflows, posing a severe risk to the hundreds of thousands of enterprises using n8n to orchestrate AI operations.
Pillar Security discovers two critical CVSS 10.0 flaws in n8n workflow automation.
Any authenticated user can execute system commands and decrypt all stored credentials.
The vulnerabilities expose AI API keys, cloud credentials, and allow workflow hijacking.
Affected are all self-hosted and cloud n8n instances prior to version 2.4.0.
Immediate mitigation requires upgrading to n8n 2.4.0+ and rotating all credentials.
The discovery highlights critical risks in the infrastructure powering enterprise AI.
n8n has become a foundational tool for orchestrating agentic AI workflows, connecting models such as OpenAI and Anthropic to data sources and applications. These vulnerabilities turn it from a productivity engine into a single point of catastrophic failure. An attacker who gains access can recover the N8N_ENCRYPTION_KEY and decrypt every stored credential, then pivot to hijack AI interactions, modify prompts, exfiltrate data, and move laterally into connected cloud environments.
The flaws are particularly dangerous because of their ease of exploitation—only basic user access is required—and the extreme level of control they grant. Attackers can execute arbitrary system commands through malicious expressions, effectively owning the server. In multi-tenant n8n Cloud environments, this could lead to cross-tenant compromise. The discovery of a second vulnerability just 24 hours after the initial patch was deployed underscores how fragile the platform's security was at that time.
Pillar Security's disclosure followed responsible-disclosure practice, and n8n has released patched version 2.4.0. All organizations must upgrade immediately. Mitigation does not end with patching, however: the n8n encryption key must be rotated, and every credential stored in the platform should be treated as compromised and rotated. The incident is a stark reminder of the systemic risk embedded in the rapidly adopted tools that power the AI economy, and of the need for rigorous security scrutiny of foundational automation platforms.
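As an added example, not code from the article or from n8n or Pillar Security, the following Python script turns the mitigation advice above into a fleet triage: it parses n8n version strings, flags every instance older than the patched 2.4.0 release (treating a 2.4.0 pre-release such as a beta as still affected), and attaches the remediation steps the article lists (upgrade, rotate N8N_ENCRYPTION_KEY, rotate all stored credentials). The instance inventory is constructed sample data, and the final "review workflows" action is an assumption added here rather than something the article states.

```python
import re
from dataclasses import dataclass

# n8n 2.4.0 is the fixed release named in the advisory.
PATCHED_VERSION = (2, 4, 0)

# Accepts "2.4.0", "v2.4.0" and pre-release forms like "2.4.0-beta.1".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")


def parse_version(text):
    """Return ((major, minor, patch), prerelease_or_None) for an n8n version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch)), pre


def is_affected(version):
    """True if this version predates the 2.4.0 fix (pre-releases of 2.4.0 count as affected)."""
    core, pre = parse_version(version)
    if core < PATCHED_VERSION:
        return True
    # A pre-release of 2.4.0 sorts before the final 2.4.0 build, so it is still unpatched.
    return core == PATCHED_VERSION and pre is not None


@dataclass(frozen=True)
class Finding:
    name: str
    version: str
    affected: bool
    actions: tuple


# Remediation steps taken from the advisory, plus a workflow review step (assumption).
REMEDIATION = (
    "upgrade to n8n 2.4.0 or later",
    "rotate N8N_ENCRYPTION_KEY",
    "rotate every credential stored in n8n (AI API keys, cloud secrets, ...)",
    "review workflows and prompts for unauthorised modifications (added step, not from the advisory)",
)


def triage(inventory):
    """Map (instance_name, version) pairs to Findings with the required actions."""
    findings = []
    for name, version in inventory:
        affected = is_affected(version)
        findings.append(Finding(name, version, affected, REMEDIATION if affected else ()))
    return findings


# Constructed sample inventory; the names and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ci-runner", "1.78.1"),
    ("ai-orchestrator", "v2.4.0-beta.1"),
    ("sandbox", "2.4.0"),
    ("prod", "2.5.2"),
]


def affected_instances(inventory=SAMPLE_INVENTORY):
    """Names of the instances that still need patching and credential rotation."""
    return [f.name for f in triage(inventory) if f.affected]


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        status = "AFFECTED" if f.affected else "ok"
        print(f"{f.name:16} {f.version:14} {status}")
        for action in f.actions:
            print(f"    - {action}")
```

Run it against your own inventory (for example, the output of an asset-management export) to get a per-instance action list; the credential-rotation step applies to every affected instance regardless of whether exploitation has been confirmed, because the article treats stored credentials on unpatched instances as compromised.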