Jan 07, 2026Ravie LakshmananVulnerability / Automation
Cybersecurity researchers have disclosed particulars of yet one more maximum-severity safety flaw in n8n, a preferred workflow automation platform, that enables an unauthenticated distant attacker to achieve full management over vulnerable situations.
The vulnerability, tracked as CVE-2026-21858 (CVSS rating: 10.0), has been codenamed Ni8mare by Cyera Analysis Labs. Safety researcher Dor Attias has been acknowledged for locating and reporting the flaw on November 9, 2025.
“A vulnerability in n8n permits an attacker to entry information on the underlying server by means of execution of sure form-based workflows,” n8n mentioned in an advisory printed as we speak. “A susceptible workflow might grant entry to an unauthenticated distant attacker. This might lead to publicity of delicate data saved on the system and will allow additional compromise relying on deployment configuration and workflow utilization.”
With the most recent improvement, n8n has disclosed 4 vital vulnerabilities during the last two weeks –
CVE-2025-68613 (CVSS rating: 9.9) – An improper management of dynamically-managed code sources that would permit authenticated attackers to attain distant code execution (RCE) below sure situations (Mounted in variations 1.120.4, 1.121.1, and 1.122.0)
CVE-2025-68668 or N8scape (CVSS rating: 9.9) – A sandbox bypass vulnerability that would permit an authenticated consumer with permission to create or modify workflows to execute arbitrary instructions on the host system operating n8n (Mounted in model 2.0.0)
CVE-2026-21877 (CVSS rating: 10.0) – An unrestricted add of a file with a harmful kind vulnerability that would permit an authenticated attacker to execute untrusted code by way of the n8n service, resulting in full compromise of the occasion (Mounted in model 1.121.3)
Nonetheless, not like these flaws, CVE-2026-21858 doesn’t require any credentials and takes benefit of a “Content material-Kind” confusion flaw to extract delicate secrets and techniques, forge administrator entry, and even execute arbitrary instructions on the server.
The vulnerability impacts all variations of n8n previous to and together with 1.65.0. It has been addressed in model 1.121.0, which was launched on November 18, 2025. It is value noting that the most recent variations of the library are 1.123.10, 2.1.5, 2.2.4, and a couple of.3.0.
In accordance with technical particulars shared by Cyera with The Hacker Information, the crux of the issue is rooted within the n8n webhook and file dealing with mechanism. Webhooks, that are essential to obtain knowledge from apps and providers when sure occasions happen, are triggered after the incoming request is parsed utilizing a operate named “parseRequestBody().”
Particularly, the operate is designed to learn the “Content material-Kind” header within the request and invoke one other operate to parse the request physique –
Use parseFormData(), aka “file add parser,” if the “Content material-Kind” header is “multipart/form-data,” denoting type knowledge
Use parseBody() aka “common physique parser” for all different content material sorts
The file add parser, in flip, makes use of the parse() operate related to formidable, a Node.js module for parsing type knowledge, and shops the decoded lead to a world variable referred to as “req.physique.information.” This populated knowledge is processed by the webhook, which solely runs when the “Content material-Kind” header is about to “multipart/form-data.”
In distinction, the common physique parser processes the incoming HTTP request physique and shops the extracted knowledge in a unique world variable generally known as “req.physique.”
CVE-2026-21858 happens when a file-handling operate is run with out first verifying that the content-type is “multipart/form-data,” doubtlessly permitting an attacker to override req.physique.information. Cyera mentioned it discovered such a susceptible movement within the operate that handles type submissions (“formWebhook()”), which invokes a file-handling operate (“copyBinaryFile()”) to behave on “req.physique.information.”
“This is the problem: since this operate known as with out verifying the content material kind is ‘multipart/form-data,’ we management all the req.physique.information object,” Attias mentioned. “Which means we management the filepath parameter — so as an alternative of copying an uploaded file, we will copy any native file from the system.”
“The end result? Any node after the Type node receives the native file’s content material as an alternative of what the consumer uploaded.”
As for a way the assault can play out, contemplate an internet site that has a chat interface to supply details about numerous merchandise based mostly on product specification information uploaded to the organizational information base utilizing a Type workflow. With this setup in place, a foul actor can leverage the safety gap to learn arbitrary information from the n8n occasion and escalate it additional to RCE by performing the next steps –
Use the arbitrary learn primitive to entry the database situated at “/residence/node/.n8n/database.sqlite” and cargo it into the knowledge-base
Extract the administrator’s consumer ID, electronic mail, and hashed password utilizing the chat interface
Use the arbitrary learn primitive once more to load a configuration file situated at “/residence/node/.n8n/config” and extract the encryption secret key
Use the obtained consumer and key data to forge a pretend session cookie and acquire admin entry, resulting in an authentication bypass
Obtain RCE by creating a brand new workflow with an “Execute Command” node
“The blast radius of a compromised n8n is very large,” Cyera mentioned. “A compromised n8n occasion does not simply imply shedding one system — it means handing attackers the keys to all the pieces. API credentials, OAuth tokens, database connections, cloud storage — all centralized in a single place. n8n turns into a single level of failure and a goldmine for risk actors.”
In mild of the severity of the flaw, customers are suggested to improve to the patched model or later as quickly as potential for optimum safety, keep away from exposing n8n to the web, and implement authentication for all Types. As short-term workarounds, it is suggested to limit or disable publicly accessible webhook and type endpoints.
