npm · Malicious package advisory
Malwaren8n-nodes-security-test-poc
MAL-2026-6071
Malicious code in n8n-nodes-security-test-poc (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (fa97d4701c29ef5305fa5b553ab560abd6db6cc33b72f99dc11621997b668f32) Package presents as an n8n community node but is an attack artifact. The node's execute() in dist/SecurityTestNode.node.js queries AWS IMDSv1/v2 (http://169.254.169.254/latest/meta-data/iam/security-credentials/) and ECS metadata (169.254.170.2) for IAM role credentials, then iterates process.env to harvest every key matching /AWS|AMAZON|ECS|ECR/i, returning all of it in the node's workflow output. Any installer who adds this node to a workflow on an EC2/ECS host leaks the host IAM role's STS credentials and AWS env vars to the workflow output (which is typically persisted/logged) — direct AWS account compromise. The tarball additionally ships preinstall.js, which runs `id && hostname && whoami && uname -a && cat /etc/os-release`, writes /tmp/n8n-rce-proof.txt, and POSTs the recon output to https://worker.n8n-prod.schibsted.com/rest/variables (with rejectUnauthorized:false) and to 127.0.0.1:5678/rest/variables, using a hardcoded `n8n-auth` JWT cookie belonging to a third-party org's n8n deployment. package.json does not declare a preinstall lifecycle hook, so the recon payload does not auto-fire on `npm install`, but the file is bundled as a ready-to-run RCE proof and the JWT is redistributed to anyone who installs the package. The combination of (a) credential-harvest node code reachable on first workflow execution, (b) shipped exfiltration payload with hardcoded victim infrastructure, and (c) redistribution of a third-party auth token makes this an attack artifact regardless of the author's stated PoC framing.
Compromised versions (5)
- 1.0.5
- 1.0.4
- 1.0.1
- 1.0.2
- 1.0.3
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.