CVE-2026-54305 n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

Malicious code in analyzer_plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 747a848e1740f146ea6c00cc1bcc451280f4685bd6cf84e635361504de761cfe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...