This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
BaseFortify.eu
basefortify.bsky.social
did:plc:giplx3mfo7nnb44f3yzhclu3
🔍 Technical details
One flaw allows unauthenticated file access via form-based workflows. Another enables authenticated remote code execution. Chained together, attackers can escalate from file read → admin → RCE.
Attack paths explained
https://basefortify.eu/posts/2026/01/two_critical_n8n_vulnerabilities:_patch_fast,_reduce_exposure.html
#infosec #AppSec #Ni8mare
2026-01-08T09:13:44.415Z