Two critical vulnerabilities in the n8n workflow automation platform allow unauthenticated remote code execution and exposure of stored credentials, with a public proof-of-concept exploit already available. Organizations running n8n, particularly self-hosted instances used in automated workflows, face server takeover risk and potential credential theft from connected systems. Patches are available; any unpatched deployment should be treated as actively at risk given PoC availability.