CVE-2025-27926
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVE-2025-27925
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
CVE-2025-27924
Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.