A critical n8n flaw could allow attackers to use crafted expressions in workflows to execute arbitrary commands on the host.