The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
GitHub

extra_claims validation breaks for non-string claim values

While exploring the MCP Registry and configuring extra_claims in docker-compose.yaml for additional OIDC token validation, I noticed an issue in how claim values are ...