PT-2026-1662 · N8N · N8N

Dorattias · Published 2026-01-07 · Updated 2026-01-13 · CVE-2026-21858

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.121.0

Description: n8n is an open-source workflow automation platform affected by a critical vulnerability that allows unauthenticated remote code execution (RCE). The flaw, dubbed “Ni8mare” (CVE-2026-21858), stems from content-type confusion in the handling of webhook and form-based workflows. An attacker can exploit it to read arbitrary files on the underlying server, potentially exposing sensitive data such as API keys, database credentials, and OAuth tokens. Successful exploitation can lead to full system compromise, including the ability to forge admin sessions and execute arbitrary commands. Approximately 60,000 internet-exposed instances were initially identified as vulnerable, although that number has decreased as instances are patched. A public proof-of-concept exploit is available, which increases the risk of active exploitation.

Recommendations: Upgrade to n8n version 1.121.0 or later immediately. If an immediate upgrade is not possible, restrict access to publicly reachable webhook and form endpoints as a temporary mitigation. Rotate all API keys and secrets if you suspect your instance may have been compromised.

Tags: Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2026-00126
CVE-2026-21858

Affected Products

N8N