Trust Center

AlphaSense is aware of a maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances.

Based on the information currently available from n8n, we can confirm that AlphaSense does not use this and is not affected by this incident.

We will post updates here as n8n completes their investigation and shares further findings.

Update (20 December 2025): We have updated our Subprocessor List. Please visit the Legal section below for details.

Update (17 December 2025): We have updated our Subprocessor List. Please visit the Legal section below for details.

AlphaSense is not impacted by the recently disclosed critical vulnerability in Apache Tika (CVE-2025-66516). Therefore, no mitigation actions are required.

AlphaSense will continue to monitor the situation and will provide further updates as necessary.

AlphaSense is aware of React2Shell (CVE‑2025‑55182, CVE‑2025‑66478), two critical remote code execution flaws in React and Next.js. This flaw allows unauthenticated remote code execution (RCE) due to insecure deserialization in the default configuration of affected applications.

The AlphaSense Security and Engineering teams reviewed the potential impact on our products and platforms. We have applied the patches and are no longer impacted.

AlphaSense Security and Engineering teams will continue to monitor the situation and will provide further updates as necessary.