Overview

SonicWall has released security updates for three vulnerabilities found in SonicOS. If successfully exploited, an unauthenticated attacker could bypass authentication and access restricted services or specific management interface features.

  • CVE-2026-0204: Improper Access Control (CVSSv3 8.0) 
  • CVE-2026-0205: Post-Authentication Path Traversal (CVSSv3 6.8) 
  • CVE-2026-0205: Post-Authentication Stack-based Buffer Overflow (CVSSv3 4.9) 

Affected Versions: <= 6.5.5.1-6n, <= 7.0.1-5169, <= 7.3.1-7013, <= 8.1.0-8017  

 

n8n has released patches for multiple critical vulnerabilities that could be exploited by an authenticated attacker with permission to create or modify workflows. By abusing these permissions, an attacker could achieve remote code execution on the affected system, potentially taking control of services, accessing sensitive information, or disrupting operations. 

  • CVE-2026-42231: Prototype Pollution in XML Webhook Body Parser Leads to RCE (CVSSv3 9.4) 
  • CVE-2026-42232: XML Node Prototype Pollution to RCE (CVSSv3 9.4) 

Affected Versions: < 1.123.32, < 2.18.1, < 2.17.4 

 

Wordfence has released an advisory for a critical vulnerability in the WordPress GeekyBot plugin caused by missing access controls. This vulnerability could allow an unauthenticated attacker to perform arbitrary plugin installation and remote code execution, which could allow them to take control of the website, access sensitive data, or completely compromise the affected system. 

  • CVE-2026-5294: Missing Authorisation to Unauthenticated Arbitrary Plugin Installation (CVSSv3 9.8). Affected Versions: <= 1.2.2 

 

Recommended Action  

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

SonicWall - Security Advisory  

n8n - Overview · n8n-io/n8n · GitHub

Wordfence - GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action  

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
