Max severity Ni8mare flaw lets hackers hijack n8n servers

A most severity vulnerability dubbed “Ni8mare” permits distant, unauthenticated attackers to take management over regionally deployed cases of the N8N workflow automation platform.

The security difficulty is recognized as CVE-2026-21858 and has a ten out of 10 severity rating. Based on researchers at information security firm Cyera, there are greater than 100,000 susceptible n8n servers.

n8n is an open-source workflow automation device that permits customers to attach functions, APIs, and companies into complicated workflows through a visible editor. It’s primarily used to automate duties and helps integrations with AI and enormous language mannequin (LLM) companies.

It has over 50,000 weekly downloads on npm and greater than 100 million pulls on Docker Hub. It’s a standard device within the AI area, the place it’s used to orchestrate LLM calls, construct AI brokers and RAG pipelines, and automate information ingestion and retrieval.

Ni8mare particulars

The Ni8mare vulnerability offers an attacker entry to recordsdata on the underlying server by executing sure form-based workflows.

“A susceptible workflow may grant entry to an unauthenticated distant attacker. This might end in publicity of delicate data saved on the system and should allow additional compromise relying on deployment configuration and workflow utilization,” n8n builders say.

Cyera researchers found the Ni8mare vulnerability (CVE-2026-21858) and reported it to n8n on November 9, 2025. They are saying that the security difficulty is a content-type confusion in the way in which n8n parses information.

n8n makes use of two features to course of incoming information primarily based on the ‘content-type’ header configured in a webhook, the part that triggers occasions in a workflow by listening for particular messages.

When the webhook request is marked as multipart/form-data, n8n treats it as a file add and makes use of a particular add parser that saves recordsdata in randomly generated short-term places.

“This implies customers can’t management the place recordsdata find yourself, which protects in opposition to path traversal assaults.”

Nonetheless, for all different content material varieties, n8n makes use of its commonplace parser as an alternative.

Cyera discovered that by setting a distinct content material sort, resembling software/json, an attacker can bypass the add parser.

On this scenario, n8n nonetheless processes file-related fields however does so with out verifying that the request really accommodates a sound file add. This enables the attacker to completely management the file metadata, together with the file path.

“Since this perform is known as with out verifying the content material sort is multipart/form-data, we management the whole req.physique.recordsdata object. Meaning we management the filepath parameter – so as an alternative of copying an uploaded file, we can copy any native file from the system,” explains Cyera.

This enables studying arbitrary recordsdata from an n8n occasion, which may expose secrets and techniques by including inside recordsdata into the workflow’s information base.

Cyera says this may be abused to show secrets and techniques saved on the occasion, inject delicate recordsdata into workflows, forge session cookies to bypass authentication, and even execute arbitrary instructions.

Cyera emphasizes that n8n usually shops API keys, OAuth tokens, database credentials, cloud storage entry, CI/CD secrets and techniques, and enterprise information, making it a central automation hub.

n8n builders say that there is no such thing as a official workaround obtainable for Ni8mare, however one mitigation is to limit or disable publicly accessible webhook and kind endpoints.

The beneficial motion is to replace to n8n model 1.121.0 or a more moderen one.