For the second time in less than a month, researchers have discovered serious flaws in a crucial AI workflow automation system that numerous businesses have started using to incorporate LLMs into their operations. n8n is a well-known low-code platform that connects apps, services, and custom logic to enable businesses to automate workflows, including those behind sales transactions, HR onboarding procedures, and customer support ticketing.
Therefore, any compromise contributes significantly to corporate risk. "A hub is N8n." According to Michael Bell, CEO and co-founder of Suzu Labs, "it contains credentials for every system it connects to."

## Increased Security Risk, Less than a Month After "Ni8mare"

Just a few weeks after n8n revealed CVE-2026-21858, a critical unauthenticated RCE vulnerability that enables attackers to fully take over locally deployed instances of n8n, JFrog reported the two vulnerabilities. The bug, dubbed "Ni8mare" by the Cyera researchers who found it, impacted an estimated 100,000 servers globally, but an attacker needed to meet a number of requirements in order to exploit it. In lieu of any other vendor directives, organizations currently using n8n should follow recommendations similar to those made in the wake of Ni8mare in early January: limit execution privileges, cut off n8n from the Internet, demand robust authentication, and steer clear of static validation.
Bell suggests that in order to minimize repercussions in the event of a breach, organizations should keep LLM credentials apart from other system credentials. Also, implement input validation on any workflow that accepts external data before passing it to an LLM, he says.
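
One way to check exported workflows against the authentication and input-validation advice above, as an added example that is not code from the article, n8n, or JFrog. It assumes n8n's exported workflow JSON layout, treats If/Switch/Filter/Code nodes as validation gates (a heuristic), and runs on a constructed sample.

```python
# Assumptions (not from the article): node type strings follow n8n's exported
# workflow JSON; If/Switch/Filter/Code nodes count as validation gates; a webhook
# with no "authentication" parameter is treated as unauthenticated.
WEBHOOK = "n8n-nodes-base.webhook"
LLM_PREFIX = "@n8n/n8n-nodes-langchain."
GATES = {"n8n-nodes-base.if", "n8n-nodes-base.switch",
         "n8n-nodes-base.filter", "n8n-nodes-base.code"}

def audit_workflow(workflow):
    """Return findings for webhook-fed LLM paths in one exported workflow."""
    nodes = {n["name"]: n for n in workflow.get("nodes", [])}
    findings = []
    def successors(name):
        # Shape: {source: {"main": [[{"node": target, ...}], ...]}}
        for branch in workflow.get("connections", {}).get(name, {}).get("main", []):
            for link in branch or []:
                yield link["node"]
    for name, node in nodes.items():
        if node.get("type") != WEBHOOK:
            continue
        if node.get("parameters", {}).get("authentication", "none") == "none":
            findings.append(f"{name}: webhook accepts unauthenticated requests")
        stack, seen = list(successors(name)), set()
        while stack:  # depth-first walk that stops at the first gate on a path
            cur = stack.pop()
            if cur in seen or cur not in nodes:
                continue
            seen.add(cur)
            ctype = nodes[cur].get("type", "")
            if ctype in GATES:
                continue
            if ctype.startswith(LLM_PREFIX):
                findings.append(f"{name} -> {cur}: external data reaches an LLM node ungated")
                continue
            stack.extend(successors(cur))
    return findings

def _link(target):
    return [[{"node": target, "type": "main", "index": 0}]]
# Constructed sample export, not a real workflow.
SAMPLE = {
    "nodes": [{"name": "Intake", "type": WEBHOOK},
              {"name": "Set Fields", "type": "n8n-nodes-base.set"},
              {"name": "Agent", "type": LLM_PREFIX + "agent"},
              {"name": "Tickets", "type": WEBHOOK, "parameters": {"authentication": "headerAuth"}},
              {"name": "Check", "type": "n8n-nodes-base.if"},
              {"name": "Summarize", "type": LLM_PREFIX + "chainLlm"}],
    "connections": {"Intake": {"main": _link("Set Fields")}, "Set Fields": {"main": _link("Agent")},
                    "Tickets": {"main": _link("Check")}, "Check": {"main": _link("Summarize")}},
}
```

A gate node only shows that a check could exist on the path; what it actually validates still needs manual review.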











