CVE-2026-25049 highlights weaknesses in sandboxing user-defined JavaScript expressions within n8n workflows.

Multiple research teams demonstrated authenticated sandbox escape leading to unrestricted RCE, credential exposure, filesystem access, cloud pivoting, and AI workflow manipulation. The issue stems from incomplete AST-based sandboxing and runtime enforcement gaps.

Fixes have been released, and mitigation guidance includes updating, rotating secrets, and restricting workflow permissions.

Source: https://www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/

💬 What lessons does this case offer for securing automation platforms?

➕ Follow TechNadu for accurate, vendor-neutral infosec reporting.

#Infosec #CVE #n8n #SandboxEscape #RCE #CloudSecurity #DevSecOps

Trust Me, I'm Local: Chrome Extensions, MCP, and the Sandbox Escape

https://blog.extensiontotal.com/trust-me-im-local-chrome-extensions-mcp-and-the-sandbox-escape-1875a0ee4823

#HackerNews #TrustMeImLocal #ChromeExtensions #MCP #SandboxEscape

Mozilla Alerts Windows Users to Critical Firefox Sandbox Escape Vulnerability

https://thedefendopsdiaries.com/mozilla-alerts-windows-users-to-critical-firefox-sandbox-escape-vulnerability/

#firefoxvulnerability
#sandboxescape
#cve20252857
#cybersecurity
#mozillaalert

🚨​ [#PatchNow] New VM2 #SandboxEscape... Two critical vulns are out in the #VM2 #Sandbox Library. These flaws affect all versions prior to 3.9.17 and both carry a CVSS score of 9.8.

If exploited, a threat actor could escape protection boundaries and execute arbitrary code. A patch has been released. so get it and update: https://www.bleepingcomputer.com/news/security/new-sandbox-escape-poc-exploit-available-for-vm2-library-patch-now.

These two CVEs (CVE-2023-29199 and CVE-2023-30547) were discovered by Seung Hyun Lee.

https://nvd.nist.gov/vuln/detail/CVE-2023-29199

https://nvd.nist.gov/vuln/detail/CVE-2023-30547

#infosec #patchmanagement #riskmitigation