OAuth vulnerability in n8n automation platform could lead to system compromise

How serious is this?

An important caveat: for any of this to be possible, an attacker would need access to the victim’s n8n system. From that point of view, exploiting this vulnerability would be the second stage of an attack, not the first.

Equally, an attacker able to pull off the exploit would be able to exfiltrate multiple credentials across employees and eventually compromise the entire n8n system. However, in Imperva’s view, the bigger issue is really the extent to which organizations are pooling risk in automation platforms.

“Workflow automation tools like n8n are becoming the backbone of modern IT infrastructure. While they offer immense power and speed, they also centralize trust,” Imperva said.


