PT-2026-1662 · N8N · N8N

Dorattias · Published 2026-01-07 · Updated 2026-03-20 · CVE-2026-21858

CVSS v3.1: 10 (Critical)

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

n8n versions prior to 1.121.0

Description

n8n, an open-source workflow automation platform, is affected by a critical vulnerability (CVE-2026-21858) that allows unauthenticated remote attackers to access files on the underlying server through specially crafted form-based workflows. The vulnerability, dubbed "Ni8mare," has a CVSS score of 10.0. Successful exploitation could expose sensitive information, including database files, API keys, and configuration data, potentially enabling further compromise of the system.

The vulnerability stems from a content-type confusion issue in the webhook and form handling logic. Attackers can bypass authentication by manipulating the Content-Type header, allowing them to read arbitrary files and potentially execute code. Over 100,000 instances are estimated to be vulnerable. Public exploits are available.

Recommendations

Upgrade to n8n version 1.121.0 or later to address this vulnerability. As a temporary mitigation, restrict or disable publicly accessible webhook and form endpoints until the upgrade is completed.

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2026-00126
CVE-2026-21858
GHSA-V4PR-FM98-W9PG

Affected Products

N8N