Security researchers at Cyera Research Labs disclosed CVE-2026-21858, a critical vulnerability in n8n that allows unauthenticated attackers to take complete control of workflow automation servers. Codenamed “Ni8mare”, the flaw carries the maximum CVSS score of 10.0 and affects an estimated 100,000 servers globally.
Vulnerability overview
| Field | Value |
|---|---|
| CVE | CVE-2026-21858 |
| Codename | Ni8mare |
| CVSS | 10.0 (Critical) |
| Type | Content-Type Confusion → Arbitrary File Read → RCE |
| Affected Versions | n8n ≤ 1.65.0 |
| Fixed Version | 1.121.0 (November 18, 2025) |
| Discovery | Dor Attias, Cyera Research Labs |
| Reported | November 9, 2025 |
| Public disclosure | January 7, 2026 |
Technical analysis
The vulnerability exploits a Content-Type confusion flaw in how n8n handles file uploads to Form Webhooks:
Vulnerability mechanism
| Step | Action |
|---|---|
| 1 | File-handling function runs without verifying Content-Type is multipart/form-data |
| 2 | Attacker can override req.body.files with malicious input |
| 3 | File copy function called without content-type verification |
| 4 | Attacker controls filepath parameter |
| 5 | Any local file can be copied instead of uploaded file |
| 6 | Primary primitive achieved: arbitrary file read |
Content-Type confusion detail
n8n uses two functions to process incoming webhook data based on the Content-Type header:
| Content-Type | Handler | Behavior |
|---|---|---|
| multipart/form-data | Upload parser | Saves files to random temporary locations |
| application/json | JSON parser | Processes as structured data |
The vulnerability exists because the file copy function doesn’t verify the Content-Type matches the expected multipart/form-data. By sending a request with application/json Content-Type but including file parameters, an attacker controls the entire req.body.files object—including the filepath parameter.
As Cyera explained: “Since this function is called without verifying the content type is multipart/form-data, we control the entire req.body.files object. That means we control the filepath parameter – so instead of copying an uploaded file, we can copy any local file from the system.”
Escalation to RCE
In n8n’s context, arbitrary file read escalates to full remote code execution:
| Phase | Action |
|---|---|
| 1 | Read n8n configuration files |
| 2 | Extract stored credentials and secrets |
| 3 | Read database files containing session data |
| 4 | Forge administrator JWT token |
| 5 | Use CVE-2025-68613 for expression injection |
| 6 | Bypass sandbox for command execution |
| 7 | Full server compromise achieved |
No credentials are required. The attack works against default n8n installations with publicly accessible Form Webhooks.
Exploitation prerequisites
While rated Critical by CVSS, successful exploitation requires specific conditions:
| Prerequisite | Details |
|---|---|
| Form Webhook workflow | Must be created and active |
| Public accessibility | Webhook must be reachable without authentication |
| Vulnerable version | n8n ≤ 1.65.0 |
Horizon3.ai notes that these prerequisites may limit widespread exploitability in real-world deployments. However, organizations should not rely on configuration to protect against a CVSS 10.0 vulnerability.
What attackers gain
Successful exploitation provides:
| Capability | Impact |
|---|---|
| Arbitrary file read | Access to secrets, configurations, workflow data |
| Authentication bypass | Full administrative access via forged JWT |
| Command execution | Complete server compromise |
| Credential theft | Access to all integrated services |
| Lateral movement | Pivot to connected systems |
Why n8n is a high-value target
“The risk is massive. n8n sits at the heart of enterprise automation infrastructure. Gaining control of n8n means gaining access to your secrets, customer data, CI/CD pipelines and more.” — Dor Attias, Cyera Research Labs
Typical n8n credential storage
| Credential type | Risk if compromised |
|---|---|
| API keys | Access to integrated services |
| OAuth tokens | Cloud platform access |
| Database credentials | Connected data sources |
| Cloud storage keys | S3, GCS, Azure Blob access |
| CI/CD secrets | Deployment pipeline compromise |
| Business data | Customer and operational data |
A compromised n8n server provides attackers with access to every system the automation platform touches.
Affected deployments
n8n is widely used for:
| Use case | Risk |
|---|---|
| Business process automation | Operational data exposure |
| Data integration | Multi-system credential theft |
| CI/CD orchestration | Supply chain compromise |
| Monitoring and alerting | Security visibility loss |
| API integrations | Third-party service access |
Self-hosted vulnerability factors
| Factor | Risk |
|---|---|
| Manual updates required | Patching delays |
| Public webhook endpoints | Direct attack surface |
| Default configurations | May lack authentication |
| Credential storage | Local secrets accessible |
Cyera estimates approximately 100,000 servers are potentially affected globally.
Timeline
| Date | Event |
|---|---|
| November 9, 2025 | Vulnerability reported to n8n |
| November 18, 2025 | Patch released in version 1.121.0 |
| January 6, 2026 | n8n assigns CVE-2026-21858 |
| January 7, 2026 | Public disclosure by Cyera |
| January 2026 | Public PoC exploit available (Chocapikk/GitHub) |
Remediation
Immediate action required
| Priority | Action |
|---|---|
| Critical | Upgrade to n8n 1.121.0 or later |
| Critical | No workarounds available |
| High | Audit workflow logs for suspicious activity |
| High | Rotate all stored credentials |
| High | Review connected systems for unauthorized access |
Defense in depth
| Control | Purpose |
|---|---|
| Network restrictions | Limit access to n8n instances |
| Disable public webhooks | Reduce attack surface if not needed |
| Authentication enforcement | Don’t run n8n without auth |
| Secrets management | Use external vaults (HashiCorp Vault, AWS Secrets Manager) |
| Monitoring | Alert on unusual workflow executions |
| Network segmentation | Isolate n8n from sensitive systems |
Detection
Indicators to monitor
| Indicator | Meaning |
|---|---|
| Unexpected file access patterns | Possible exploitation |
| Authentication anomalies | Session forgery attempts |
| New or modified workflows | Unauthorized changes |
| Unusual API calls from n8n server | Lateral movement |
| Credential usage from unexpected sources | Stolen credential abuse |
Log review
| Log source | Search for |
|---|---|
| n8n application logs | Unusual webhook activity |
| Web server logs | Form Webhook requests with suspicious content |
| System logs | Unexpected file access |
| Network logs | Outbound connections from n8n |
Recommendations
For n8n administrators
| Priority | Action |
|---|---|
| Critical | Patch immediately to 1.121.0+ |
| Critical | Audit all stored credentials |
| High | Review webhook configurations |
| High | Implement network-level access controls |
| Medium | Consider migration to n8n Cloud for managed security |
| Ongoing | Establish regular update schedule |
For security teams
| Priority | Action |
|---|---|
| Critical | Inventory all n8n deployments |
| High | Verify patch status across all instances |
| High | Hunt for compromise indicators |
| High | Assess connected system exposure |
| Medium | Review n8n access patterns |
| Ongoing | Include n8n in vulnerability management |
Related vulnerabilities
CVE-2026-21858 is part of a series of n8n security issues in 2026:
| CVE | Type | CVSS | Auth required |
|---|---|---|---|
| CVE-2026-21858 | Content-Type confusion → RCE | 10.0 | No |
| CVE-2026-1470 | JavaScript sandbox escape | 9.9 | Yes |
| CVE-2026-0863 | Python sandbox escape | 8.5 | Yes |
Organizations should ensure all three vulnerabilities are addressed.
Context
Workflow automation platforms like n8n, Zapier, and Make occupy a privileged position in enterprise infrastructure—they connect systems, store credentials, and automate sensitive operations. A vulnerability in these platforms doesn’t just compromise one system; it potentially compromises every system the platform integrates with.
Organizations running n8n should treat CVE-2026-21858 as an emergency. The combination of maximum severity, no authentication requirement, and widespread deployment makes this a priority-one patch. The two-month gap between patch release (November 2025) and public disclosure (January 2026) provided an ample patching window—organizations still running vulnerable versions should assume potential compromise.
Public exploit availability
A proof-of-concept exploit is publicly available on GitHub (Chocapikk/CVE-2026-21858), significantly increasing the risk to unpatched instances:
| Factor | Status |
|---|---|
| PoC available | Yes (GitHub) |
| Weaponization difficulty | Low |
| Automation potential | High |
| Mass scanning | Likely |
The existence of a public PoC means that even unsophisticated attackers can now exploit vulnerable n8n instances.
Mitigation options
Since no workarounds exist, organizations have limited options:
| Option | Effectiveness |
|---|---|
| Upgrade to 1.121.0+ | Complete remediation |
| Disable public webhooks | Reduces attack surface |
| Network restrictions | Limits who can reach webhooks |
| Web application firewall | May block some exploitation attempts |
| Take offline | Eliminates risk but disrupts operations |
The only complete remediation is upgrading to version 1.121.0 or later.