Ethical Hacking News
A critical vulnerability has been discovered in the open-source workflow automation platform n8n, allowing authenticated users to cause untrusted code to be executed by the n8n service. This maximum-severity security flaw, rated at 10.0 on the CVSS scoring system, affects both self-hosted deployments and n8n Cloud instances. Users are advised to upgrade to version 1.121.3 or later to mitigate this risk.
n8n has announced a critical vulnerability (CVE-2026-21877) with a maximum-severity rating of 10.0 on the CVSS scoring system. The vulnerability allows authenticated users to execute untrusted code, potentially leading to a full compromise of the affected instance. Versions 0.123.0 to 1.121.2 are impacted, while version 1.121.3 has been released with a patch to address the issue. Security researcher Théo Lelasseux is credited with discovering and reporting this vulnerability. Users are advised to upgrade to version 1.121.3 or later to mitigate the risk of remote code execution.
n8n, an open-source workflow automation platform, has disclosed a critical vulnerability that poses a substantial threat to its users. According to the company's advisory released on January 7, 2026, a maximum-severity security flaw, tracked as CVE-2026-21877 and rated at 10.0 on the CVSS scoring system, has been identified in both self-hosted deployments and n8n Cloud instances. This vulnerability allows authenticated users to cause untrusted code to be executed by the n8n service, potentially resulting in a full compromise of the affected instance.
The maintainers of n8n have issued an advisory warning users about this critical security flaw, highlighting that versions 0.123.0 to 1.121.2 are impacted, while version 1.121.3 has been released with a patch to address the issue. Security researcher Théo Lelasseux is credited with discovering and reporting this vulnerability.
The discovery of this vulnerability underscores the importance of keeping software up to date and highlights the rapid pace at which new security threats emerge. n8n has recently addressed several other critical flaws in its platform, including CVE-2025-68613 and CVE-2025-68668, both of which carry CVSS scores of 9.9.
In light of this vulnerability, users are advised to upgrade to version 1.121.3 or later to mitigate the risk of remote code execution. Alternatively, administrators can limit exposure by disabling the Git node and restricting access for untrusted users. This advisory serves as a poignant reminder of the need for constant vigilance when it comes to cybersecurity, highlighting the importance of proactive measures in safeguarding against emerging threats.
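The version range and the Git node workaround described above can be turned into an inventory check. The following is an added example, not code from n8n or its advisory; it assumes the Git node is disabled through n8n's `NODES_EXCLUDE` environment variable (a JSON array of node type names) and that the Git node's type name is `n8n-nodes-base.git`. The host names and inventory entries are constructed.

```python
import json
import re

# Affected range as stated in the article for CVE-2026-21877 (fixed in 1.121.3).
FIRST_AFFECTED = (0, 123, 0)
LAST_AFFECTED = (1, 121, 2)
# Assumption: the Git node's type name as listed in n8n's NODES_EXCLUDE setting.
GIT_NODE = "n8n-nodes-base.git"


def parse_version(text):
    """Return (major, minor, patch) from 'v1.121.2' or '1.121.2'; any suffix is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def git_node_excluded(nodes_exclude):
    """True if the NODES_EXCLUDE value (a JSON array string) lists the Git node."""
    if not nodes_exclude:
        return False
    try:
        excluded = json.loads(nodes_exclude)
    except json.JSONDecodeError:
        return False  # malformed value: conservatively treat as not excluded
    return isinstance(excluded, list) and GIT_NODE in excluded


def triage(version, nodes_exclude=None):
    """Classify an instance: 'not-affected', 'affected-workaround' or 'affected-exposed'."""
    if not FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED:
        return "not-affected"
    return "affected-workaround" if git_node_excluded(nodes_exclude) else "affected-exposed"


# Constructed sample inventory: (host, reported version, NODES_EXCLUDE value).
INVENTORY = [
    ("n8n-prod", "1.121.2", None),
    ("n8n-stage", "v1.120.4", '["n8n-nodes-base.git"]'),
    ("n8n-dev", "1.121.3", None),
    ("n8n-old", "0.122.5", ""),
    ("n8n-lab", "1.100.0", "n8n-nodes-base.git"),  # not a JSON array
]

if __name__ == "__main__":
    for host, version, exclude in INVENTORY:
        print(f"{host:10} {version:10} {triage(version, exclude)}")
```

An instance reported as `affected-workaround` still runs a vulnerable version and should be scheduled for the upgrade to 1.121.3 or later.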
The disclosure also underscores n8n's commitment to addressing security concerns promptly and its dedication to maintaining the trust and confidence of its users. As the cybersecurity landscape continues to evolve at a breakneck pace, platforms like n8n must remain vigilant, proactively addressing vulnerabilities and fostering an environment of transparency with their users.
The CVSS scoring system is a widely recognized framework used to measure the severity of security vulnerabilities. Rating a vulnerability at 10.0 signifies that it has a maximum potential impact, making it extremely critical for software developers and administrators to take immediate action to address such flaws.
In conclusion, this vulnerability serves as a stark reminder of the ever-present threat landscape in the world of cybersecurity. As we continue to navigate the rapidly evolving digital landscape, it is imperative that we prioritize vigilance and proactive measures to safeguard our systems against emerging threats like this critical n8n remote code execution vulnerability.
Related Information:
https://www.ethicalhackingnews.com/articles/n8n-Warns-of-Critical-Remote-Code-Execution-Vulnerability-Affecting-Workflow-Automation-Platform-ehn.shtml
https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html
https://nvd.nist.gov/vuln/detail/CVE-2025-68613
https://www.cvedetails.com/cve/CVE-2025-68613/
https://nvd.nist.gov/vuln/detail/CVE-2025-68668
https://www.cvedetails.com/cve/CVE-2025-68668/
https://nvd.nist.gov/vuln/detail/CVE-2026-21877
https://www.cvedetails.com/cve/CVE-2026-21877/
Published: Wed Jan 7 06:33:30 2026 by llama3.2 3B Q4_K_M