PT-2026-1662 · n8n · n8n
Dorattias
Published: 2026-01-07 · Updated: 2026-03-04
CVE-2026-21858
CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected software and versions: n8n 1.65.0 through 1.120.4 (inclusive)
Description: n8n, an open-source workflow automation platform, is affected by a critical vulnerability (CVE-2026-21858) whose end result is unauthenticated remote code execution. The root cause is a content-type confusion in the handling of form-based webhooks: a crafted request to a form endpoint, sent without any credentials, gives the attacker read access to arbitrary files on the underlying host. Files readable this way include configuration holding database credentials and API keys. With that material the attacker can forge an administrator session and then execute commands, so the file read escalates to full system compromise. As of January 9, 2026, over 100,000 instances were reported as potentially vulnerable, and active scanning and exploitation attempts had been observed. The impact is amplified by n8n's role: an instance typically stores credentials for many third-party services, so a compromised instance exposes every system those credentials reach.
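Where to look for attempts in reverse-proxy logs, as an added example that is not part of the advisory and not n8n's own code. The advisory describes the bug only as a content-type confusion in form-based webhook handling and does not say what the malformed request looks like, so the heuristic below is deliberately broad: it flags every POST to a form endpoint whose Content-Type is not a browser form encoding. The endpoint prefixes (n8n's default form endpoint names, which are configurable) and the log format (nginx combined with the request Content-Type appended as one more quoted field) are assumptions, and the log lines are constructed.

```javascript
// Added example, not code from the advisory or from n8n: a triage heuristic
// over reverse-proxy access logs. The advisory describes a content-type
// confusion in form-based webhook handling but not the malformed request, so
// this flags any POST to a form endpoint whose Content-Type is not one a
// browser form submission would send. Hits are leads to review by hand, not
// confirmed exploitation.

// Assumption: n8n's default form endpoint prefixes. They are configurable
// (N8N_ENDPOINT_FORM, N8N_ENDPOINT_FORM_TEST, N8N_ENDPOINT_FORM_WAIT), so
// match them to the deployment being reviewed.
const FORM_PREFIXES = ["/form/", "/form-test/", "/form-waiting/"];

// Media types a genuine browser form submission uses.
const FORM_MEDIA_TYPES = ["multipart/form-data", "application/x-www-form-urlencoded"];

// Constructed log format: nginx "combined" plus the request Content-Type
// appended as one more quoted field ($content_type). Adapt to your log_format.
const LINE_RE =
  /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "[^"]*" "([^"]*)" "([^"]*)"$/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    ip: m[1],
    time: m[2],
    method: m[3].toUpperCase(),
    path: m[4],
    status: Number(m[5]),
    userAgent: m[6],
    contentType: m[7],
  };
}

// Strip parameters such as "; boundary=..." and normalise case.
function mediaType(contentType) {
  return contentType.split(";")[0].trim().toLowerCase();
}

function isSuspicious(req) {
  if (req.method !== "POST") return false;
  if (!FORM_PREFIXES.some((p) => req.path.startsWith(p))) return false;
  return !FORM_MEDIA_TYPES.includes(mediaType(req.contentType));
}

// Returns the flagged requests plus a per-source count so that a single host
// hammering form endpoints with odd content types stands out.
function triage(lines) {
  const hits = [];
  const bySource = {};
  for (const line of lines) {
    const req = parseLine(line);
    if (!req || !isSuspicious(req)) continue;
    hits.push(req);
    bySource[req.ip] = (bySource[req.ip] || 0) + 1;
  }
  return { hits, bySource };
}

// Constructed sample lines (not real traffic). The third and fourth lines are
// the kind of thing the heuristic surfaces: a scripted client posting
// non-form bodies at form endpoints. The /webhook/ line is ignored because
// JSON is normal there and the advisory concerns form-based webhooks.
const SAMPLE_LOG = [
  '203.0.113.7 - - [08/Jan/2026:10:12:01 +0000] "GET /form/abc123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
  '203.0.113.7 - - [08/Jan/2026:10:12:09 +0000] "POST /form/abc123 HTTP/1.1" 200 312 "-" "Mozilla/5.0" "multipart/form-data; boundary=----x"',
  '198.51.100.23 - - [08/Jan/2026:10:13:44 +0000] "POST /form/abc123 HTTP/1.1" 200 9831 "-" "python-requests/2.31" "application/json"',
  '198.51.100.23 - - [08/Jan/2026:10:13:45 +0000] "POST /form-test/abc123 HTTP/1.1" 404 120 "-" "python-requests/2.31" "text/plain"',
  '192.0.2.9 - - [08/Jan/2026:10:14:02 +0000] "POST /webhook/orders HTTP/1.1" 200 44 "-" "curl/8.4" "application/json"',
];

const result = triage(SAMPLE_LOG);
for (const h of result.hits) {
  console.log(`${h.ip} ${h.time} ${h.method} ${h.path} -> ${h.status} content-type=${h.contentType}`);
}
console.log("per-source:", result.bySource);
```

Expect false positives from non-browser clients that legitimately post JSON to a form endpoint; the point of the per-source count is to separate one odd integration from a host sweeping every form path it can find.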
Recommendations: Upgrade to n8n 1.121.0 or later immediately. Until the upgrade is in place, restrict or disable public access to the webhook and form endpoints, for example by allowing only known source addresses at the reverse proxy or by deactivating workflows that expose form triggers. Because the primitive is an unauthenticated file read, an instance that was reachable during the exploitation window should be treated as potentially compromised even after patching: review access logs for unexpected traffic to the form endpoints, and if compromise is suspected rotate the database credentials, API keys and every credential stored in the instance, since that leaked material is what lets an attacker forge admin sessions.
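A version check for the ranges stated above, as an added example that is not n8n's own code. It classifies a version string as affected, fixed, below the listed range, unlisted (between 1.120.4 and 1.121.0, such as a 1.121.0 pre-release, which the advisory does not cover) or unknown, and can pull the tag out of a container image reference. The image names docker.n8n.io/n8nio/n8n and n8nio/n8n used in the samples are assumptions.

```javascript
// Added example, not n8n's own code: classify an n8n version string against
// the ranges this advisory gives (affected 1.65.0 through 1.120.4, fixed in
// 1.121.0). Builds between 1.120.4 and 1.121.0, including 1.121.0
// pre-releases, are not covered by the advisory and are reported as
// "unlisted" so they are not silently treated as safe.

// Accepts "1.120.4", "v1.120.4", "1.121.0-rc.1", "1.120.4+build.7".
// Returns null for anything else (e.g. the Docker tag "latest").
function parseVersion(s) {
  if (typeof s !== "string") return null;
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(s.trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: m[4] || null };
}

// Semver ordering on the parts that matter here: numeric triple first, then a
// pre-release sorts before the corresponding release.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  if (a.prerelease && !b.prerelease) return -1;
  if (!a.prerelease && b.prerelease) return 1;
  return 0;
}

// Boundaries taken from the advisory text.
const AFFECTED_MIN = parseVersion("1.65.0");
const AFFECTED_MAX = parseVersion("1.120.4");
const FIXED = parseVersion("1.121.0");

function classify(versionString) {
  const v = parseVersion(versionString);
  if (!v) return "unknown";
  if (compareVersions(v, AFFECTED_MIN) < 0) return "below-range"; // not listed as affected; confirm separately
  if (compareVersions(v, AFFECTED_MAX) <= 0) return "affected";
  if (compareVersions(v, FIXED) >= 0) return "fixed";
  return "unlisted"; // newer than 1.120.4 but older than 1.121.0
}

// Pull the tag out of an image reference such as "docker.n8n.io/n8nio/n8n:1.120.4"
// (assumption: n8n's published image name). Registry ports are handled by
// looking only at the last path segment; digest-pinned and untagged references
// yield null, which classify() reports as "unknown".
function tagFromImageRef(ref) {
  const last = ref.split("/").pop();
  const withoutDigest = last.split("@")[0];
  const i = withoutDigest.indexOf(":");
  return i >= 0 ? withoutDigest.slice(i + 1) : null;
}

const SAMPLES = [
  "1.64.9", "1.65.0", "v1.120.4", "1.120.5", "1.121.0-rc.1", "1.121.0", "1.130.2",
  tagFromImageRef("docker.n8n.io/n8nio/n8n:1.120.4"),
  tagFromImageRef("n8nio/n8n:latest"),
  tagFromImageRef("n8nio/n8n@sha256:0000"),
];
for (const s of SAMPLES) console.log(`${String(s).padEnd(16)} ${classify(s)}`);
```

Anything reported as unlisted or unknown should be verified by hand against the running instance rather than assumed safe, and a version below the range is only "not listed", not proven clean.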

Tags: Exploit · Fix · RCE

Weakness Enumeration: none listed

Related Identifiers: BDU:2026-00126 · CVE-2026-21858 · GHSA-V4PR-FM98-W9PG

Affected Products: n8n