A critical vulnerability in workflow automation platform n8n could allow attackers to fully compromise both cloud-hosted and self-hosted servers without authentication, according to reporting by Infosecurity Magazine citing security research from Pillar Security.
The flaw was described as a zero-click issue, meaning exploitation did not require user interaction, and attackers reportedly did not need an n8n account to trigger it. While full technical details and version information were not included in the initial report, the impact was severe: server-level compromise in a product that often stores API keys, access tokens, workflow logic and connections to other business systems.
That makes the bug more than a single-application problem. n8n is commonly used to connect services such as cloud apps, internal APIs, databases and developer tools. If an attacker gains control of the n8n server, they may also be able to access stored credentials, alter workflows, move data, or pivot into downstream systems. For organizations exposing n8n to the internet, the risk is especially high because the reported attack path required no login at all.
At the time of writing, public reporting had not clearly confirmed a CVE ID, affected version range, or whether the flaw had been exploited in the wild. Those details matter for defenders trying to assess exposure, but the reported combination of zero-click, unauthenticated access and full server compromise places this issue in the highest-risk category.
Organizations running n8n should review vendor advisories and patch immediately if a fixed release is available. Security teams should also inspect logs for suspicious requests, review recent workflow or credential changes, and rotate secrets stored in the platform if compromise is suspected. Self-hosted deployments should not be publicly reachable unless necessary, and administrators may want to place instances behind additional access controls or a VPN while remediation is underway.
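To make the log-and-change review concrete, here is an added triage helper that is not from the article or the n8n project. It assumes the n8n public REST API exposes workflows at `GET /api/v1/workflows`, authenticated with an `X-N8N-API-KEY` header, and that each workflow carries `id`, `name`, `updatedAt` and a `nodes` list whose entries reference credentials as `{"<type>": {"id": ..., "name": ...}}`; those shapes and the sample records below are constructed for the example. It lists workflows modified after a chosen cutoff (newest first) and the credential ids those workflows touch, so the secrets most likely to have been reached get rotated first.

```python
"""Post-incident triage for a self-hosted n8n instance (added example).

Assumptions (not confirmed by the article): the n8n public REST API
serves GET /api/v1/workflows with an X-N8N-API-KEY header and returns
{"data": [workflow, ...]}; each workflow has "id", "name", "updatedAt"
and "nodes", and node["credentials"] maps a credential type to
{"id": ..., "name": ...}.
"""
from datetime import datetime, timezone
import json
import os
import urllib.request


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp such as '2024-05-03T09:12:00.000Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def changed_since(items, cutoff: datetime):
    """Items whose updatedAt is at or after cutoff, newest first."""
    recent = [i for i in items if parse_ts(i["updatedAt"]) >= cutoff]
    return sorted(recent, key=lambda i: parse_ts(i["updatedAt"]), reverse=True)


def referenced_credentials(workflow) -> set:
    """Credential ids referenced by any node of the workflow (assumed shape)."""
    ids = set()
    for node in workflow.get("nodes", []):
        for cred in node.get("credentials", {}).values():
            ids.add(cred["id"])
    return ids


def triage(workflows, cutoff: datetime) -> dict:
    """Workflows changed after the cutoff and the credentials they touch."""
    recent = changed_since(workflows, cutoff)
    creds = set()
    for wf in recent:
        creds |= referenced_credentials(wf)
    return {
        "changed_workflows": [(wf["id"], wf["name"], wf["updatedAt"]) for wf in recent],
        "credentials_to_rotate_first": sorted(creds),
    }


def fetch_workflows(base_url: str, api_key: str):
    """Pull all workflows from the (assumed) n8n public API."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/workflows",
        headers={"X-N8N-API-KEY": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)["data"]


# Constructed sample records standing in for API output.
SAMPLE_WORKFLOWS = [
    {"id": "wf-1", "name": "Nightly sync", "updatedAt": "2024-04-20T02:00:00.000Z",
     "nodes": [{"name": "Postgres", "credentials": {"postgres": {"id": "c1", "name": "prod-db"}}}]},
    {"id": "wf-2", "name": "Export data", "updatedAt": "2024-05-03T09:12:00.000Z",
     "nodes": [{"name": "S3", "credentials": {"aws": {"id": "c2", "name": "s3-writer"}}},
               {"name": "Slack", "credentials": {"slackApi": {"id": "c3", "name": "ops-bot"}}}]},
    {"id": "wf-3", "name": "New hook", "updatedAt": "2024-05-04T22:41:00.000Z",
     "nodes": [{"name": "HTTP", "credentials": {"aws": {"id": "c2", "name": "s3-writer"}}}]},
]
SAMPLE_CUTOFF = datetime(2024, 5, 1, tzinfo=timezone.utc)


if __name__ == "__main__":
    base, key = os.environ.get("N8N_URL"), os.environ.get("N8N_API_KEY")
    workflows = fetch_workflows(base, key) if base and key else SAMPLE_WORKFLOWS
    print(json.dumps(triage(workflows, SAMPLE_CUTOFF), indent=2))
```

Run it with `N8N_URL` and `N8N_API_KEY` set to query a live instance, or without them to see the constructed sample; the cutoff should be the earliest time the instance could plausibly have been reached. Rotating only the listed credentials is a prioritisation, not a substitute for rotating everything the platform stores once compromise is suspected.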
The incident is another reminder that automation platforms can become high-value targets because they centralize credentials and business logic. A single flaw in that layer can open the door to far broader compromise than a typical web app bug.