The Critical n8n Vulnerability (CVSS 10.0) Gives Unauthenticated Attackers Complete Control
Cybersecurity researchers have disclosed another maximum-severity vulnerability in n8n, a widely used workflow automation platform. The flaw gives an unauthenticated remote attacker total control over vulnerable instances.
Cyera Research Labs has nicknamed the vulnerability Ni8mare. It is tracked as CVE-2026-21858 (CVSS score: 10.0). The bug was found and reported on November 9, 2025, by security researcher Dor Attias.
“A flaw in n8n enables an intruder to gain access to files on the underlying server via execution of certain form-based workflows,” the company stated in a notice released on 7th January 2026. “An unauthenticated remote attacker could gain access to a vulnerable workflow. Depending on deployment setup and workflow usage, this could lead to the exposure of sensitive data kept on the system and perhaps allow for additional compromise.”
The most recent update is that during the past two weeks, n8n has revealed four serious vulnerabilities:
| CVE | Description |
|---|---|
| CVE-2025-68613 (CVSS score: 9.9) | Inadequate management of dynamically managed code resources that, in some circumstances, could enable remote code execution (RCE) by authorized attackers (fixed in versions 1.120.4, 1.121.1, and 1.122.0). |
| CVE-2025-68668 or N8scape (CVSS score: 9.9) | A sandbox bypass vulnerability (fixed in version 2.0.0) that might let an authorized, authenticated user construct or alter workflows to perform arbitrary commands on the host machine executing n8n. |
| CVE-2026-21877 (CVSS score: 10.0) | An unrestricted upload of a file with a dangerous type vulnerability that might allow an authenticated attacker to use the n8n service to run untrusted code and fully compromise the instance (fixed in version 1.121.3). |
In contrast to these vulnerabilities, CVE-2026-21858 exploits a “Content-Type” confusion flaw to extract confidential information, gain administrator access, and even run arbitrary commands on the server without requiring any credentials.
All n8n versions before and including 1.65.0 are vulnerable. Version 1.121.0, which was published on November 18, 2025, addresses it. The most recent releases of the software are 1.123.10, 2.1.5, 2.2.4, and 2.3.0.
Technical details shared by Cyera with The Hacker News indicate that n8n's webhook and file-handling logic is at the core of the issue. Webhooks, which are essential for receiving data from apps and services when specific events occur, are triggered after the incoming request is parsed by a function called “parseRequestBody().”
In particular, the function is made to read the request’s “Content-Type” header and call another function to parse the request body:
- Use the “file upload parser,” parseFormData(), if the “Content-Type” header is “multipart/form-data,” which is form data.
- For all other content formats, use the “regular body parser” parseBody().
The file upload parser then calls the parse() function of formidable, a Node.js module for parsing form input, and stores the decoded output in a global variable named “req.body.files.” The webhook is meant to process this populated data only when the “Content-Type” header is set to “multipart/form-data.”

The ordinary body parser, on the other hand, extracts data from the incoming HTTP request body and saves it in a separate global variable called “req.body.”
CVE-2026-21858 arises when a file-handling function is executed without first confirming that the content type is “multipart/form-data,” which potentially lets an attacker control req.body.files. Cyera reported that it discovered a susceptible flow in the form submission handling function (“formWebhook()”), which calls a file-handling function (“copyBinaryFile()”) to act on “req.body.files.”
“The problem is that we control the entire req.body.files object because this function is invoked without checking if the content type is ‘multipart/form-data,’” according to Attias. “That means we manage the filepath parameter — so instead of copying an uploaded file, we can copy any local file from the system.”
“The result? Any node after the Form node obtains the local file’s content instead of what the user uploaded.”
One example of how the attack may manifest is a website with a chat interface that answers questions about products based on specification files uploaded to the corporate knowledge base via a Form workflow. With this configuration in place, a malicious actor might use the flaw to read any file from the n8n instance and escalate it to RCE by taking the following actions:
- Access the database at “.home/node/.n8n/database.sqlite” and load it into the knowledge-base using the arbitrary read primitive.
- Use the chat interface to retrieve the administrator’s hashed password, email address, and user ID.
- To load a configuration file at “.home/node/.n8n/config” and retrieve the encryption secret key, use the arbitrary read primitive once more.
- Utilize the acquired user and key information to create a fictitious session cookie and gain administrator access, thereby circumventing authentication.
- Create a new workflow with an “Execute Command” node to achieve RCE.
“The blast radius of a compromised n8n is massive,” Cyera stated. “A compromised n8n instance gives attackers access to all systems, not just one. Cloud storage, database connections, OAuth tokens, and API credentials are all consolidated in one location. For threat actors, n8n turns into a goldmine and a single point of failure.”
Given the seriousness of the vulnerability, users are recommended to impose authentication for all forms, avoid exposing n8n to the internet, and upgrade to the patched version or later as soon as feasible for best protection. Restricting or disabling publicly available webhook and form endpoints is recommended as a temporary fix.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.