Cybersecurity researchers have disclosed particulars of yet one more maximum-severity safety flaw in n8n, a preferred workflow automation platform, that enables an unauthenticated distant attacker to achieve full management over vulnerable situations.
The vulnerability, tracked as CVE-2026-21858 (CVSS rating: 10.0), has been codenamed Ni8mare by Cyera Analysis Labs. Safety researcher Dor Attias has been acknowledged for locating and reporting the flaw on November 9, 2025.
“A vulnerability in n8n permits an attacker to entry information on the underlying server by way of execution of sure form-based workflows,” n8n mentioned in an advisory printed right now. “A susceptible workflow might grant entry to an unauthenticated distant attacker. This might lead to publicity of delicate data saved on the system and will allow additional compromise relying on deployment configuration and workflow utilization.”
With the newest growth, n8n has disclosed 4 vital vulnerabilities over the past two weeks –
- CVE-2025-68613 (CVSS rating: 9.9) – An improper management of dynamically-managed code sources that might enable authenticated attackers to realize distant code execution (RCE) below sure circumstances (Mounted in variations 1.120.4, 1.121.1, and 1.122.0)
- CVE-2025-68668 or N8scape (CVSS rating: 9.9) – A sandbox bypass vulnerability that might enable an authenticated consumer with permission to create or modify workflows to execute arbitrary instructions on the host system operating n8n (Mounted in model 2.0.0)
- CVE-2026-21877 (CVSS rating: 10.0) – An unrestricted add of a file with a harmful sort vulnerability that might enable an authenticated attacker to execute untrusted code by way of the n8n service, resulting in full compromise of the occasion (Mounted in model 1.121.3)
Nonetheless, not like these flaws, CVE-2026-21858 doesn’t require any credentials and takes benefit of a “Content material-Sort” confusion flaw to extract delicate secrets and techniques, forge administrator entry, and even execute arbitrary instructions on the server.
The vulnerability impacts all variations of n8n previous to and together with 1.65.0. It has been addressed in model 1.121.0, which was launched on November 18, 2025. It is value noting that the newest variations of the library are 1.123.10, 2.1.5, 2.2.4, and a couple of.3.0.
In line with technical particulars shared by Cyera with The Hacker Information, the crux of the issue is rooted within the n8n webhook and file dealing with mechanism. Webhooks, that are essential to obtain knowledge from apps and providers when sure occasions happen, are triggered after the incoming request is parsed utilizing a perform named “parseRequestBody().”
Particularly, the perform is designed to learn the “Content material-Sort” header within the request and invoke one other perform to parse the request physique –
- Use parseFormData(), aka “file add parser,” if the “Content material-Sort” header is “multipart/form-data,” denoting type knowledge
- Use parseBody() aka “common physique parser” for all different content material sorts
The file add parser, in flip, makes use of the parse() perform related to formidable, a Node.js module for parsing type knowledge, and shops the decoded lead to a world variable known as “req.physique.information.” This populated knowledge is processed by the webhook, which solely runs when the “Content material-Sort” header is ready to “multipart/form-data.”
In distinction, the common physique parser processes the incoming HTTP request physique and shops the extracted knowledge in a special world variable often known as “req.physique.”
CVE-2026-21858 happens when a file-handling perform is run with out first verifying that the content-type is “multipart/form-data,” doubtlessly permitting an attacker to override req.physique.information. Cyera mentioned it discovered such a susceptible stream within the perform that handles type submissions (“formWebhook()”), which invokes a file-handling perform (“copyBinaryFile()”) to behave on “req.physique.information.”
“This is the difficulty: since this perform is known as with out verifying the content material sort is ‘multipart/form-data,’ we management the complete req.physique.information object,” Attias mentioned. “Which means we management the filepath parameter — so as a substitute of copying an uploaded file, we will copy any native file from the system.”
“The consequence? Any node after the Kind node receives the native file’s content material as a substitute of what the consumer uploaded.”
As for the way the assault can play out, contemplate an internet site that has a chat interface to supply details about varied merchandise primarily based on product specification information uploaded to the organizational data base utilizing a Kind workflow. With this setup in place, a nasty actor can leverage the safety gap to learn arbitrary information from the n8n occasion and escalate it additional to RCE by performing the next steps –
- Use the arbitrary learn primitive to entry the database situated at “/dwelling/node/.n8n/database.sqlite” and cargo it into the knowledge-base
- Extract the administrator’s consumer ID, e mail, and hashed password utilizing the chat interface
- Use the arbitrary learn primitive once more to load a configuration file situated at “/dwelling/node/.n8n/config” and extract the encryption secret key
- Use the obtained consumer and key data to forge a pretend session cookie and procure admin entry, resulting in an authentication bypass
- Obtain RCE by creating a brand new workflow with an “Execute Command” node
“The blast radius of a compromised n8n is very large,” Cyera mentioned. “A compromised n8n occasion does not simply imply dropping one system — it means handing attackers the keys to every thing. API credentials, OAuth tokens, database connections, cloud storage — all centralized in a single place. n8n turns into a single level of failure and a goldmine for risk actors.”
In mild of the severity of the flaw, customers are suggested to improve to the patched model or later as quickly as doable for optimum safety, keep away from exposing n8n to the web, and implement authentication for all Types. As momentary workarounds, it is suggested to limit or disable publicly accessible webhook and type endpoints.
