Ethical Hacking News
A critical n8n vulnerability has exposed sensitive data, allowing unauthenticated attackers to gain full control over susceptible instances. Follow us for the latest updates on this developing story as more information becomes available.
The n8n workflow automation platform has been affected by a critical security issue, tracked as CVE-2026-21858. The vulnerability allows unauthenticated attackers to gain complete control over susceptible instances of the platform. The issue is rooted in a Content-Type confusion that affects the n8n webhook and file handling mechanism. Users are advised to upgrade to a patched version or later, avoid exposing n8n to the internet, and enforce authentication for all Forms. Temporary workarounds include restricting or disabling publicly accessible webhook and form endpoints.
The cybersecurity news outlet The Hacker News (THN) has recently reported a critical vulnerability in the popular workflow automation platform n8n. This vulnerability, tracked as CVE-2026-21858 and assigned the maximum severity score of 10.0 on the Common Vulnerability Scoring System (CVSS), allows unauthenticated attackers to gain complete control over susceptible instances of the platform.
According to researchers at Cyera Research Labs, who discovered and reported this flaw in collaboration with security expert Dor Attias, the vulnerability is rooted in a Content-Type confusion issue that affects the n8n webhook and file handling mechanism. This mechanism is crucial for receiving data from apps and services when certain events occur.
The specific vulnerability occurs when a file-handling function is run without first verifying that the request's Content-Type is "multipart/form-data", potentially allowing an attacker to override req.body.files. Cyera Research Labs identified a vulnerable flow in the function that handles form submissions, which invokes a file-handling function to act on "req.body.files".
This vulnerability has severe implications for n8n users, as it enables attackers to access sensitive information stored on the system and potentially escalate their privileges further by achieving Remote Code Execution (RCE). The attacker could leverage this vulnerability to read arbitrary files from the n8n instance, extract administrator credentials, forge a fake session cookie, and gain unauthorized access to the platform.
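The Content-Type confusion described above, reduced to a minimal model. This is an added illustration, not n8n's own code: the request shape (headers, a parsed body, and a separate files object produced by a multipart parser) is assumed, as are the function names. It shows a form handler that trusts req.body.files regardless of media type beside a hardened handler that gates on Content-Type and takes files only from the parser's output.

```javascript
// Added illustration of the vulnerable pattern and its hardened form
// (hypothetical handler names and request shape; not n8n's code).
const MULTIPART = 'multipart/form-data';

// Media type without parameters such as "; boundary=...", normalised.
function contentType(req) {
  const raw = (req.headers['content-type'] || '').split(';')[0];
  return raw.trim().toLowerCase();
}

// Stand-in for the file-handling step: returns the paths it would act on.
function collectFilePaths(files) {
  return Object.values(files || {}).map((f) => f.filepath);
}

// Vulnerable pattern: no Content-Type check, so a non-multipart body
// (for example JSON) can supply its own "files" entries with arbitrary paths.
function handleFormVulnerable(req) {
  return { status: 200, files: collectFilePaths(req.body.files) };
}

// Hardened pattern: refuse anything that is not multipart/form-data, and use
// only req.files, which the multipart parser populated with its own temp paths.
function handleFormHardened(req) {
  if (contentType(req) !== MULTIPART) {
    return { status: 415, files: [] }; // Unsupported Media Type
  }
  return { status: 200, files: collectFilePaths(req.files) };
}

// Constructed sample requests (not real traffic).
const jsonRequest = {
  headers: { 'content-type': 'application/json' },
  body: { files: { upload: { filepath: '/not/an/upload' } } }, // client-chosen path
  files: undefined,                                            // parser never ran
};
const multipartRequest = {
  headers: { 'content-type': 'multipart/form-data; boundary=----x' },
  body: {},
  files: { upload: { filepath: '/tmp/uploads/abc123' } },      // parser-assigned path
};

module.exports = { contentType, handleFormVulnerable, handleFormHardened, jsonRequest, multipartRequest };
```

Running the two handlers over jsonRequest shows the difference: the vulnerable one acts on the client-supplied path, while the hardened one answers 415 and touches no files.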
In total, researchers have identified four critical vulnerabilities in n8n over the last two weeks. These include CVE-2025-68613, CVE-2025-68668 (also known as N8scape), CVE-2026-21877, and now CVE-2026-21858, all of which require immediate attention from users to mitigate any potential damage.
n8n has disclosed that these vulnerabilities have been addressed in versions 1.121.0, 2.1.5, 2.2.4, and 2.3.0. Users are advised to upgrade to a patched version or later as soon as possible for optimal protection, avoid exposing n8n to the internet, and enforce authentication for all Forms.
Temporary workarounds include restricting or disabling publicly accessible webhook and form endpoints.
Cyera Research Labs has emphasized that the blast radius of a compromised n8n is massive. A single compromised instance does not just mean losing one system; it means handing attackers the keys to everything - API credentials, OAuth tokens, database connections, cloud storage - all centralized in one place.
"n8n becomes a single point of failure and a goldmine for threat actors," stated Cyera Research Labs. The potential consequences of this vulnerability underscore the importance of timely patches and vigilance among users.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Alert-n8n-Workflow-Automation-Platform-Exposes-Sensitive-Data-Due-to-Critical-Vulnerability-ehn.shtml
https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html
https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
https://cybersecuritynews.com/n8n-automation-platform-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2025-68613
https://www.cvedetails.com/cve/CVE-2025-68613/
https://nvd.nist.gov/vuln/detail/CVE-2025-68668
https://www.cvedetails.com/cve/CVE-2025-68668/
https://nvd.nist.gov/vuln/detail/CVE-2026-21858
https://www.cvedetails.com/cve/CVE-2026-21858/
https://nvd.nist.gov/vuln/detail/CVE-2026-21877
https://www.cvedetails.com/cve/CVE-2026-21877/
Published: Wed Jan 7 09:31:24 2026 by llama3.2 3B Q4_K_M