CVE-2026-21858 gives unauthenticated attackers full code execution on n8n workflow servers. Langflow's new IDOR vulnerability has been added to CISA KEV. GitHub Copilot's MCP integration carries a prompt-injection-to-RCE chain. AI automation infrastructure is becoming a primary attack surface.