Cybersecurity researchers have disclosed particulars of yet one more maximum-severity security flaw in n8n, a well-liked workflow automation platform, that enables an unauthenticated distant attacker to realize full management over inclined cases.
The vulnerability, tracked as CVE-2026-21858 (CVSS rating: 10.0), has been codenamed Ni8mare by Cyera Analysis Labs. Safety researcher Dor Attias has been acknowledged for locating and reporting the flaw on November 9, 2025.
“A vulnerability in n8n permits an attacker to entry recordsdata on the underlying server by means of execution of sure form-based workflows,” n8n stated in an advisory printed at this time. “A weak workflow might grant entry to an unauthenticated distant attacker. This might end in publicity of delicate info saved on the system and should allow additional compromise relying on deployment configuration and workflow utilization.”
With the newest improvement, n8n has disclosed 4 essential vulnerabilities over the past two weeks –
- CVE-2025-68613 (CVSS rating: 9.9) – An improper management of dynamically-managed code assets that would enable authenticated attackers to realize distant code execution (RCE) below sure circumstances (Fastened in variations 1.120.4, 1.121.1, and 1.122.0)
- CVE-2025-68668 or N8scape (CVSS rating: 9.9) – A sandbox bypass vulnerability that would enable an authenticated person with permission to create or modify workflows to execute arbitrary instructions on the host system working n8n (Fastened in model 2.0.0)
- CVE-2026-21877 (CVSS rating: 10.0) – An unrestricted add of a file with a harmful sort vulnerability that would enable an authenticated attacker to execute untrusted code by way of the n8n service, resulting in full compromise of the occasion (Fastened in model 1.121.3)
Nonetheless, not like these flaws, CVE-2026-21858 doesn’t require any credentials and takes benefit of a “Content material-Sort” confusion flaw to extract delicate secrets and techniques, forge administrator entry, and even execute arbitrary instructions on the server.
The vulnerability impacts all variations of n8n previous to and together with 1.65.0. It has been addressed in model 1.121.0, which was launched on November 18, 2025. It is price noting that the newest variations of the library are 1.123.10, 2.1.5, 2.2.4, and a couple of.3.0.
In response to technical particulars shared by Cyera with The Hacker Information, the crux of the issue is rooted within the n8n webhook and file dealing with mechanism. Webhooks, that are essential to obtain information from apps and providers when sure occasions happen, are triggered after the incoming request is parsed utilizing a perform named “parseRequestBody().”
Particularly, the perform is designed to learn the “Content material-Sort” header within the request and invoke one other perform to parse the request physique –
- Use parseFormData(), aka “file add parser,” if the “Content material-Sort” header is “multipart/form-data,” denoting kind information
- Use parseBody() aka “common physique parser” for all different content material varieties
The file add parser, in flip, makes use of the parse() perform related to formidable, a Node.js module for parsing kind information, and shops the decoded end in a world variable known as “req.physique.recordsdata.” This populated information is processed by the webhook, which solely runs when the “Content material-Sort” header is about to “multipart/form-data.”
In distinction, the common physique parser processes the incoming HTTP request physique and shops the extracted information in a special international variable referred to as “req.physique.”
CVE-2026-21858 happens when a file-handling perform is run with out first verifying that the content-type is “multipart/form-data,” doubtlessly permitting an attacker to override req.physique.recordsdata. Cyera stated it discovered such a weak circulate within the perform that handles kind submissions (“formWebhook()”), which invokes a file-handling perform (“copyBinaryFile()”) to behave on “req.physique.recordsdata.”
“This is the problem: since this perform is known as with out verifying the content material sort is ‘multipart/form-data,’ we management all the req.physique.recordsdata object,” Attias stated. “Which means we management the filepath parameter — so as a substitute of copying an uploaded file, we will copy any native file from the system.”
“The outcome? Any node after the Kind node receives the native file’s content material as a substitute of what the person uploaded.”
As for the way the assault can play out, think about a web site that has a chat interface to supply details about varied merchandise based mostly on product specification recordsdata uploaded to the organizational data base utilizing a Kind workflow. With this setup in place, a nasty actor can leverage the security gap to learn arbitrary recordsdata from the n8n occasion and escalate it additional to RCE by performing the next steps –
- Use the arbitrary learn primitive to entry the database situated at “/house/node/.n8n/database.sqlite” and cargo it into the knowledge-base
- Extract the administrator’s person ID, e mail, and hashed password utilizing the chat interface
- Use the arbitrary learn primitive once more to load a configuration file situated at “/house/node/.n8n/config” and extract the encryption secret key
- Use the obtained person and key info to forge a faux session cookie and procure admin entry, resulting in an authentication bypass
- Obtain RCE by creating a brand new workflow with an “Execute Command” node
“The blast radius of a compromised n8n is very large,” Cyera stated. “A compromised n8n occasion does not simply imply shedding one system — it means handing attackers the keys to the whole lot. API credentials, OAuth tokens, database connections, cloud storage — all centralized in a single place. n8n turns into a single level of failure and a goldmine for risk actors.”
In mild of the severity of the flaw, customers are suggested to improve to the patched model or later as quickly as attainable for optimum safety, keep away from exposing n8n to the web, and implement authentication for all Types. As non permanent workarounds, it is suggested to limit or disable publicly accessible webhook and kind endpoints.
