US EditionMax severity Ni8mare flaw lets hackers hijack n8n servers
The Ni8mare vulnerability (CVE-2026-21858) scores 10/10 severity and affects over 100,000 servers, enabling remote code execution without authentication.
- On November 9, 2025, Cyera researchers reported Ni8mare , a maximum-severity flaw allowing remote attackers control over about 100,000 n8n workflow automation platform servers.
- N8n's webhook parser uses separate handlers based on content-type, enabling attackers to bypass the upload parser by sending application/json and control req.body.files and the filepath parameter, Cyera said.
- By controlling file metadata, an attacker can copy arbitrary local files on the underlying server, read secrets and sensitive data stored in workflows, and achieve full remote-code execution with no workaround.
- Users are advised to update to n8n version 1.121.1 or later, as n8n developers say the patch effectively addresses the vulnerability, after Cyera published proof-of-concept on Wednesday.
- Widespread adoption of n8n matters because over 50,000 weekly npm downloads and more than 100 million Docker pulls increase risk to API keys, OAuth tokens, and enterprise automation infrastructure, Cyera said.
10 Articles
10 Articles
Researchers rush to warn defenders of max-severity defect in n8n
Researchers warn that a critical vulnerability in n8n, an automation platform that allows organizations to integrate AI agents, workflows and hundreds of other enterprise services, could be exploited by attackers to achieve full control of targeted networks. The maximum-severity vulnerability — CVE-2026-21858 — affects about 100,000 servers globally, according to Cyera, which initially discovered and reported the defect to n8n on Nov. 9. Develop…
Critical N8n Vulnerability CVE-2026-21858 Exposed
Cybersecurity researchers have disclosed a new critical flaw in the popular workflow automation platform n8n that could allow unauthenticated attackers to fully compromise vulnerable systems. The issue, tracked as CVE-2026-21858 and assigned a maximum CVSS score of 10.0, is being described as one of the most severe n8n vulnerabilities reported to date. The n8n vulnerability was discovered and responsibly disclosed by security researcher Dor Att…
Cyera researchers detail critical 'Ni8mare' vulnerability allowing full takeover of n8n instances
A new report out today from data security company Cyera Ltd. is warning that a recently discovered critical security vulnerability in workflow automation platform n8n puts thousands of organizations at risk of full system compromise. The vulnerability, tracked as CVE-2026-21858 and assigned a maximum Common Vulnerability Scoring System score of 10.0, can allow unauthenticated attackers […] The post Cyera researchers detail critical ‘Ni8mare’ vu…
Critical n8n Vulnerability Enables Authenticated RCE
A critical vulnerability in the n8n workflow automation platform allows authenticated users to execute arbitrary code on affected systems, creating a risk of broader compromise. The issue impacts both self-hosted deployments and n8n Cloud environments, posing challenges for organizations that depend on n8n to run business-critical automation workflows. An authenticated user “… may be able to cause untrusted code to be executed by the n8n servic…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium