CVE-2026-59208: Cross-Issuer Account Takeover in n8n

20 pointsposted a day ago
by bearsyankees

10 Comments

khimaros

a day ago

https://github.com/khimaros/flow if you're looking for a more streamlined and minimalist alternative to n8n. it also has CLI integration with piped input and output. user nodes can be written in Typescript, Python, and Rhai in addition to fully declarative nodes. UX it's more similar to ComfyUI

Towaway69

19 hours ago

Node-RED is also a good alternative, especially the new version 5 (for those who might have tried it before and didn’t like the editor).

DougN7

20 hours ago

I figured n8n was another annoying acronym I didn’t know. So after clicking to the article, and then the repo, and then scanning the repo doc, I guess it’s not an acronym after all?

ChrisArchitect

19 hours ago

> While looking for a good name for the project with a free domain, Jan quickly realized that all the good ones he could think of were already taken. So, in the end, he chose nodemation. 'node-' in the sense that it uses a Node-View and that it uses Node.js and '-mation' for 'automation' which is what the project is supposed to help with. However, he did not like how long the name was and could not imagine writing something that long every time in the CLI. That is when he ended up on 'n8n'.

nubg

a day ago

slop generated ai blog post

tptacek

a day ago

The vulnerability is real or it isn't, it matters or it doesn't, it's clearly explained or it isn't.

echoangle

a day ago

And the article is nice to read or it isn’t. Most people here probably aren’t affected and only read reports like that because they find it interesting and entertaining.

tptacek

a day ago

"This vulnerability is not meaningful to most HN readers" is a good argument for not upvoting it. "The one detailed description of a new, valid, meaningful vulnerability is AI slop by its discoverers" is not. I don't care about n8n either and didn't upvote this story. But new vulnerability discoveries are not like "Show HN"; their newsworthiness or interestingness extends beyond the writeup or the effort taken to find it.

echoangle

a day ago

I disagree. Surely the newsworthiness of vulnerability writeup is a mix of the relevance and article quality.

You could submit a vulnerability report about an internal tool no HN user could ever be affected by and people could find it really interesting, and you could submit an article about a vulnerability that’s really bad and only people that really care about the affected project would be interested.

Edit: removed some irrelevant stuff because I misread the comment

tptacek

a day ago

It's possible to make a not-especially-material vulnerability HN-worthy by writing it up exceptionally well. A lot of cryptographic vulnerabilities are exactly like that! But a meaningful vulnerability is probably interesting no matter how well it's written up.

I don't care about this specific vulnerability, I just care about the knee-jerk instinct to dismiss vulnerabilities because they have AI writeups. I don't like AI writeups either, but vulnerabilities are not exactly like other stories.