PatchDayAlert
Daily Digest · 2 min read · 5 CVEs · Issue 45 · By PatchDayAlert

Flowise leaks your OAuth secrets unauthenticated, n8n hides SQL injection in column names

5 CVEs today. Flowise exposes SSO client secrets (including Azure and GitHub) to any anonymous GET request (CVSS 7.5). n8n's database nodes let authenticated users inject SQL through table and column identifiers (CVSS 8.2). Also: a Keras path traversal at CVSS 8.1, a Warp terminal command injection under WSL, and a Linux kernel nftables offset bug.

Patch now: 1 · Within 24h: 1 · This week: 3 · Exploited: 0

Tags: Azure Linux, Linux Kernel, Netfilter, Linux, Cloud, Keras, n8n, Windows, Warp Terminal, Flowise, FlowiseAI

Nothing's burning, but two of today's 5 CVEs deserve your attention before lunch. n8n's database nodes have a SQL injection bug hiding in table and column name fields (CVE-2026-56351, CVSS 8.2), and Flowise is handing out your OAuth client secrets to anyone with a GET request and your org ID (CVE-2026-56270, CVSS 7.5, no auth required). None of these are exploited in the wild yet, but that Flowise one is basically a freebie for any attacker who finds it.


Today's CVEs

Sorted by urgency

02. CVE-2026-11816
MSRC · CVSS 8.1 · EPSS 0.45% · HIGH · Patch this week
Tags: Keras, Azure Linux, Linux, Cloud

Keras has a path traversal bug that lets an attacker read or write files outside the intended directory by supplying crafted file paths to model loading or saving functions. If you host Keras-based ML services that accept user-supplied model files or paths, an attacker could use this to steal data or drop malicious files on the server. CVSS 8.1, so treat it seriously even though exploitation requires some user interaction or a reachable Keras endpoint.

Included because: path traversal; CVSS 8.1; common ML framework
Affected estate: Azure Linux 3.0 systems with keras package version 3.3.3-7
How to check: Run `tdnf list installed keras` or `pip show keras` to confirm the installed version.
Action: Update keras via `tdnf update keras` or `pip install --upgrade keras`, depending on your deployment method.
Urgency: Patch this week
Why it matters: An attacker who can supply file paths to Keras could read sensitive files or overwrite system files on your ML hosts.
Source: NVD

03. CVE-2026-56351
NVD · CVSS 8.2 · HIGH · Patch within 24h
Tags: n8n, Linux, Windows, Cloud

n8n's MySQL, PostgreSQL, and Microsoft SQL nodes don't properly escape identifier values (table names, column names) in workflow configurations. Any authenticated user with workflow creation permissions can inject arbitrary SQL through crafted identifiers, letting them run unauthorized queries, exfiltrate data, or corrupt your database. This is a classic SQL injection, just hiding in a spot you might not expect.

Included because: authenticated; SQL injection; CVSS 8.2; data integrity risk; common automation platform
Affected estate: All n8n instances below version 2.4.0 using MySQL, PostgreSQL, or Microsoft SQL nodes
How to check: Check your n8n version in the admin panel or run `n8n --version`. Review workflows for any MySQL, PostgreSQL, or MSSQL node usage.
Action: Upgrade n8n to 2.4.0 or later. Audit existing workflows for suspicious table or column names in database nodes.
Urgency: Patch within 24 hours
Why it matters: Any user who can create workflows can run arbitrary SQL against your connected databases, putting all that data at risk.
Source: NVD
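One way to carry out the "audit existing workflows" step: an added example script (not n8n's own tooling) that walks an exported workflow and flags database-node identifiers that either fall outside a conservative identifier grammar or are n8n expressions resolved from runtime data. The node type ids, the parameter names and the `=` expression prefix are assumptions to check against your own exports; the sample workflow is constructed.

```python
import re

# Node type ids of the three affected n8n database nodes (assumed from the
# n8n-nodes-base naming convention; check them against your workflow exports).
DB_NODE_TYPES = {"n8n-nodes-base.postgres", "n8n-nodes-base.mySql",
                 "n8n-nodes-base.microsoftSql"}
# Parameters these nodes splice into SQL as identifiers rather than bound
# values (assumed parameter names; adjust to your n8n version's node schema).
IDENTIFIER_PARAMS = ("schema", "table", "columns")
# Conservative identifier grammar: name or schema.name, word characters only.
SAFE_IDENTIFIER = re.compile(r"^[A-Za-z_]\w*(\.[A-Za-z_]\w*)?$")

# Constructed sample in the shape of an n8n workflow export (json.load a real
# export and pass it to audit_workflow the same way).
SAMPLE_WORKFLOW = {"name": "constructed sample", "nodes": [
    {"name": "Safe insert", "type": "n8n-nodes-base.postgres",
     "parameters": {"schema": "public", "table": "orders", "columns": "id,total"}},
    {"name": "Suspicious select", "type": "n8n-nodes-base.mySql",
     "parameters": {"table": 'users"; SELECT 1; --'}},
    {"name": "Dynamic table", "type": "n8n-nodes-base.microsoftSql",
     "parameters": {"table": "={{ $json.table }}"}},
    {"name": "Fetch", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"url": "https://example.invalid/"}},
]}

def identifiers(value):
    # Flatten a comma-separated string, list or dict into the individual
    # identifier strings the node would splice into the query text.
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    if isinstance(value, (list, dict)):
        items = value.values() if isinstance(value, dict) else value
        return [i for v in items for i in identifiers(v)]
    return []

def audit_workflow(workflow):
    # Return (node name, parameter, value) for every database-node identifier
    # that is an n8n expression (assumed to start with '=', i.e. resolved from
    # runtime data you may not control) or falls outside the safe grammar.
    findings = []
    for node in workflow.get("nodes", []):
        if node.get("type") not in DB_NODE_TYPES:
            continue
        for key in IDENTIFIER_PARAMS:
            for ident in identifiers(node.get("parameters", {}).get(key)):
                if ident.startswith("=") or not SAFE_IDENTIFIER.match(ident):
                    findings.append((node.get("name"), key, ident))
    return findings
```

Expression-driven identifiers are not necessarily malicious, but on a pre-2.4.0 instance they are where untrusted input reaches the query text, so each one deserves a look before you trust the workflow.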

04. CVE-2026-54699
NVD · CVSS 7.7 · HIGH · Patch this week
Tags: Warp Terminal, Windows, Linux

Warp terminal running under WSL has an OS command injection bug in its URL-opening fallback. When wslview fails to open a URL, Warp falls back to the Windows command processor, and a malicious URL rendered in terminal output can inject arbitrary OS commands. The catch: the user has to click the link, and you have to be running Warp under WSL specifically. Still, CVSS 7.7, because a single click can mean full command execution.

Included because: command injection; user interaction required; WSL-specific; CVSS 7.7
Affected estate: Warp terminal installations running under WSL, versions from 0.2024.03.12.08.02.stable_01 up to (but not including) 0.2026.05.06.15.42.stable_01
How to check: Open Warp and check the version in Settings or run the version check command. Confirm whether the installation runs under WSL.
Action: Update Warp to 0.2026.05.06.15.42.stable_01 or later. Until patched, avoid clicking untrusted URLs rendered in terminal output.
Urgency: Patch this week
Why it matters: Clicking a malicious link in terminal output can execute arbitrary commands on the Windows host, potentially compromising your workstation.
Source: Vendor advisory

05. CVE-2026-56270
NVD · CVSS 7.5 · HIGH · Patch now
Tags: Flowise, FlowiseAI, Cloud, Linux, Windows

Flowise versions 3.0.13 and earlier have a completely unauthenticated endpoint that hands back your full SSO configuration, including OAuth client secrets in cleartext, to anyone who knows your organization ID. An attacker can harvest credentials for Google, Microsoft/Azure, GitHub, and Auth0 integrations with a single GET request. No login required. This is bad.

Included because: unauthenticated; internet-facing; credential exposure; CVSS 7.5; no exploit complexity
Affected estate: Flowise instances version 3.0.13 and earlier, both self-hosted and FlowiseAI Cloud, with SSO integrations configured
How to check: Check your Flowise version in the admin UI or deployment config. Test whether `/api/v1/loginmethod?organizationId=<your-org-id>` returns SSO details without authentication.
Action: Upgrade to Flowise 3.1.0 or later. Rotate all OAuth client secrets exposed through this endpoint. Review access logs for any prior unauthenticated hits to `/api/v1/loginmethod`.
Urgency: Patch immediately
Why it matters: Your OAuth secrets are exposed to anyone on the internet, giving attackers the keys to impersonate your SSO integrations.
Source: NVD
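To carry out the "review access logs" step, an added example (not Flowise's own tooling) that parses reverse-proxy access logs in combined format, pulls out every request to the unauthenticated endpoint together with the organizationId it asked for, and lists the org ids whose SSO configuration was served (HTTP 200) to a client outside your trusted ranges. The proxy log format, the trusted ranges and the sample lines are assumptions or constructed values.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Combined log format as written by an nginx/Apache reverse proxy in front of
# Flowise (assumed deployment; adjust the regex to your proxy's log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
    r'[^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
ENDPOINT = "/api/v1/loginmethod"
# Source ranges expected to reach this endpoint legitimately (constructed values).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample access-log lines: one internal hit, two from an outside host.
SAMPLE_LOG = """\
10.0.4.12 - - [03/May/2026:08:14:02 +0000] "GET /api/v1/loginmethod?organizationId=org-1234 HTTP/1.1" 200 612 "https://flowise.internal/" "Mozilla/5.0"
203.0.113.7 - - [03/May/2026:09:01:55 +0000] "GET /api/v1/loginmethod?organizationId=org-1234 HTTP/1.1" 200 612 "-" "curl/8.5.0"
203.0.113.7 - - [03/May/2026:09:02:10 +0000] "GET /api/v1/loginmethod?organizationId=org-9999 HTTP/1.1" 404 33 "-" "curl/8.5.0"
10.0.4.12 - - [03/May/2026:09:30:00 +0000] "POST /api/v1/prediction/abc HTTP/1.1" 200 120 "-" "Mozilla/5.0"
""".splitlines()

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def loginmethod_hits(lines):
    # Every request to the SSO endpoint, with the org id it asked for and whether
    # the client sat outside the trusted ranges. 200 means the config left the server.
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        parts = urlsplit(rec["target"])
        if parts.path.rstrip("/") != ENDPOINT:
            continue
        ip = ipaddress.ip_address(rec["ip"])
        hits.append({
            "ip": rec["ip"], "time": rec["time"], "status": int(rec["status"]), "ua": rec["ua"],
            "org": parse_qs(parts.query).get("organizationId", [""])[0],
            "external": not any(ip in net for net in TRUSTED_NETS),
        })
    return hits

def exposed_orgs(hits):
    # Org ids served a 200 to an external client, with counts: rotate their OAuth secrets.
    return Counter(h["org"] for h in hits if h["status"] == 200 and h["external"])
```

Because the endpoint needed no authentication, the log cannot tell a legitimate caller from an attacker by credentials alone; source network, user agent and timing are what you have to go on, which is why the example keeps all three per hit.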
