CVE-2026-21858

EUVD-2026-1187

08.01.2026, 00:15

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
GitHub_M	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Affected Products (NVD)

Vendor	Product	Version
n8n	n8n	1.65.0 ≤ 𝑥 < 1.121.0

𝑥

= Vulnerable software versions

Known Exploits!

https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Vulnerability Media Exposure

[ENGLISH] Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers
A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers
Published: 2026-01-08T10:00:00+00:00

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg

https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858