Berkdedekarginoglu

**Name of the Vulnerable Software and Affected Versions** Flowise versions prior to 3.0.13 **Description** Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference (IDOR) vulnerability, combined with a Business Logic Flaw, exists in the `PUT /api/v1/loginmethod` endpoint. The endpoint does not validate if the authenticated user has ownership or administrative rights over the target `organizationId`. This allows a low-privileged user to overwrite the SSO configuration of any organization, enable Enterprise-only features without a license, and perform Account Takeover by redirecting the authentication flow. The backend accepts the `organizationId` parameter from the JSON body and updates the database record without checking if `request.user.organizationId` equals `body.organizationId`. An attacker can send a crafted PUT request to the `/api/v1/loginmethod` endpoint, modifying the victim's Google SSO configuration by replacing legitimate OAuth credentials with malicious application credentials. This can lead to session hijacking or credential theft when victim employees attempt to log in via SSO. **Recommendations** Versions prior to 3.0.13 should be updated to version 3.0.13 or later.

**Name of the Vulnerable Software and Affected Versions** n8n versions 0.187.0 through 1.120.2 **Description** n8n is a workflow automation platform. A command injection issue was identified in the community package installation functionality. This allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. The issue was present in versions from 0.187.0 up to, but not including, 1.120.3. The vulnerability allows for potential privilege escalation from administrator to root. The vulnerable functionality involves the package installation process, lacking sufficient input sanitization. **Recommendations** Update to version 1.120.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.1.29 **Description** A command injection issue exists in the Docker sandbox execution mechanism due to unsafe handling of the `PATH` environment variable when constructing shell commands. An authenticated user with the ability to control environment variables can influence command execution within the container context, potentially leading to the execution of unintended commands, access to the container filesystem, and exposure of sensitive data. Over 135,000 instances are exposed to the internet, with approximately 63% being vulnerable. **Recommendations** Update to version 2026.1.29.

**Name of the Vulnerable Software and Affected Versions** n8n versions prior to 2.0.0 **Description** n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permissions can execute internal functions within the Code node. This allows workflow editors to perform actions on the host system with the same privileges as the n8n process, including reading and writing files, subject to file access restrictions and OS/container permissions. Mitigation strategies include restricting file access to a dedicated directory using the `N8N RESTRICT FILE ACCESS TO` variable, ensuring the `N8N BLOCK FILE ACCESS TO N8N FILES` variable is set to true, and disabling high-risk nodes like the Code node using the `NODES EXCLUDE` variable if workflow editors are not fully trusted. **Recommendations** Upgrade to version 2.0.0 or later. Set the `N8N RESTRICT FILE ACCESS TO` variable to a dedicated directory containing no sensitive data. Ensure the `N8N BLOCK FILE ACCESS TO N8N FILES` variable is set to true. Disable the Code node using the `NODES EXCLUDE` variable if workflow editors are not fully trusted.

**Name of the Vulnerable Software and Affected Versions** n8n versions 1.0.0 through less than 2.0.0 **Description** n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including, 2.0.0. An authenticated user with permission to create or modify workflows can exploit this issue to execute arbitrary commands on the host system running n8n, with the same privileges as the n8n process. This vulnerability, tracked as CVE-2025-68668, has a CVSS score of 9.9 (Critical). Workarounds include disabling the Code Node by setting the environment variable `NODES EXCLUDE` to "["n8n-nodes-base.code"]", disabling Python support in the Code node by setting the environment variable `N8N PYTHON ENABLED` to false (available in n8n version 1.104.0), and configuring n8n to use the task runner based Python sandbox via the `N8N RUNNERS ENABLED` and `N8N NATIVE PYTHON RUNNER` environment variables. The task runner-based Python implementation became the default starting with n8n version 2.0.0. **Recommendations** Upgrade to n8n version 2.0.0 or later. As a temporary workaround, disable the Code Node by setting the environment variable `NODES EXCLUDE` to "["n8n-nodes-base.code"]". As a temporary workaround, disable Python support in the Code node by setting the environment variable `N8N PYTHON ENABLED` to false. As a temporary workaround, configure n8n to use the task runner based Python sandbox via the `N8N RUNNERS ENABLED` and `N8N NATIVE PYTHON RUNNER` environment variables.