alt.hn

7/15/2026 at 2:30:07 PM

CVE-2026-59208: Cross-Issuer Account Takeover in n8n

https://www.strix.ai/blog/n8n-cross-issuer-account-takeover

by bearsyankees

7/15/2026 at 5:18:47 PM

https://github.com/khimaros/flow if you're looking for a more streamlined and minimalist alternative to n8n. it also has CLI integration with piped input and output. user nodes can be written in Typescript, Python, and Rhai in addition to fully declarative nodes. UX it's more similar to ComfyUI

by khimaros

7/15/2026 at 10:14:13 PM

Node-RED is also a good alternative, especially the new version 5 (for those who might have tried it before and didn’t like the editor).

by Towaway69

7/15/2026 at 8:44:37 PM

I figured n8n was another annoying acronym I didn’t know. So after clicking to the article, and then the repo, and then scanning the repo doc, I guess it’s not an acronym after all?

by DougN7

7/15/2026 at 9:58:45 PM

> While looking for a good name for the project with a free domain, Jan quickly realized that all the good ones he could think of were already taken. So, in the end, he chose nodemation. 'node-' in the sense that it uses a Node-View and that it uses Node.js and '-mation' for 'automation' which is what the project is supposed to help with. However, he did not like how long the name was and could not imagine writing something that long every time in the CLI. That is when he ended up on 'n8n'.

by ChrisArchitect

7/15/2026 at 3:45:58 PM

slop generated ai blog post

by nubg

7/15/2026 at 4:42:43 PM

The vulnerability is real or it isn't, it matters or it doesn't, it's clearly explained or it isn't.

by tptacek

7/15/2026 at 4:46:11 PM

And the article is nice to read or it isn’t. Most people here probably aren’t affected and only read reports like that because they find it interesting and entertaining.

by echoangle

7/15/2026 at 4:52:28 PM

"This vulnerability is not meaningful to most HN readers" is a good argument for not upvoting it. "The one detailed description of a new, valid, meaningful vulnerability is AI slop by its discoverers" is not. I don't care about n8n either and didn't upvote this story. But new vulnerability discoveries are not like "Show HN"; their newsworthiness or interestingness extends beyond the writeup or the effort taken to find it.

by tptacek

7/15/2026 at 5:12:50 PM

I disagree. Surely the newsworthiness of vulnerability writeup is a mix of the relevance and article quality.

You could submit a vulnerability report about an internal tool no HN user could ever be affected by and people could find it really interesting, and you could submit an article about a vulnerability that’s really bad and only people that really care about the affected project would be interested.

Edit: removed some irrelevant stuff because I misread the comment

by echoangle

7/15/2026 at 5:15:14 PM

It's possible to make a not-especially-material vulnerability HN-worthy by writing it up exceptionally well. A lot of cryptographic vulnerabilities are exactly like that! But a meaningful vulnerability is probably interesting no matter how well it's written up.

I don't care about this specific vulnerability, I just care about the knee-jerk instinct to dismiss vulnerabilities because they have AI writeups. I don't like AI writeups either, but vulnerabilities are not exactly like other stories.

by tptacek