n8n vulnerability

Critical n8n Vulnerabilities Expose 100,000+ Workflow Automation Servers to Complete Takeover

Francois

6 min read
Critical n8n Vulnerabilities Expose 100,000+ Workflow Automation Servers to Complete Takeover

If your organization uses n8n for workflow automation, stop what you're doing and read this. Researchers disclosed details today of a maximum-severity vulnerability that allows unauthenticated attackers to gain complete control over n8n instances—no credentials required.

The vulnerability, tracked as CVE-2026-21858 and dubbed "Ni8mare" by Cyera Research Labs, carries the highest possible CVSS score of 10.0. It affects an estimated 100,000+ self-hosted n8n deployments worldwide, many of which store API keys, OAuth tokens, database credentials, and other sensitive secrets that attackers can extract and weaponize.

This disclosure follows three other high-severity n8n vulnerabilities revealed in recent weeks, creating an urgent patching imperative for any organization running this popular automation platform.

What Makes Ni8mare So Dangerous

The severity of CVE-2026-21858 stems from three critical factors: it requires no authentication, it's trivially exploitable, and it provides a direct path to complete system compromise.

Cyera researcher Dor Attias, who discovered the flaw and reported it on November 9, 2025, explained that the vulnerability exploits a content-type confusion weakness in n8n's handling of webhook and form data. The platform fails to validate the Content-Type header correctly in specific webhook scenarios, allowing attackers to manipulate how uploaded data is parsed.

In practical terms, an attacker can send a specially crafted request to any n8n instance with publicly accessible form endpoints. Instead of uploading a file, the malicious request tricks n8n into reading any file from the underlying server and injecting it into the workflow.

According to the official n8n advisory published today, "A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker."

The Attack Chain

The exploitation path Cyera outlined demonstrates how a file-read vulnerability escalates to complete remote code execution:

  1. Arbitrary File Read – The attacker exploits the content-type confusion to read any file on the n8n server, including configuration files and the local SQLite database.
  2. Secret Extraction – n8n stores session authentication data in an n8n-auth cookie built from user data and signed with a local secret key. With file access, attackers can extract both the user database and the signing secret.
  3. Session Forgery – Using extracted credentials and the signing key, attackers forge valid administrator session cookies, bypassing authentication entirely.
  4. Remote Code Execution – With admin access, attackers can execute arbitrary commands on the server using n8n's code execution capabilities.

The result is a complete instance takeover without ever needing legitimate credentials.

Why This Matters for Your Organization

n8n has become critical infrastructure for many organizations. With over 100 million Docker pulls and thousands of enterprise deployments, it serves as what Cyera describes as "the central nervous system of automation infrastructure."

Consider what a typical n8n deployment holds:

  • API credentials for SaaS applications
  • OAuth tokens for third-party services
  • Database connection strings
  • Cloud storage access keys
  • CI/CD pipeline secrets
  • Business-critical workflow logic

As Cyera's research blog states: "n8n becomes a single point of failure and a goldmine for threat actors."

If your security team hasn't already audited n8n deployments across your environment, this vulnerability should be the catalyst to do so immediately.

A Wave of Critical n8n Vulnerabilities

Ni8mare isn't an isolated finding. It's the latest in a concerning pattern of critical security flaws affecting the n8n platform:

CVE-2025-68668 (N8scape) – CVSS 9.9

This sandbox bypass vulnerability in n8n's Python Code Node, disclosed January 6, 2026, allows authenticated users with workflow creation permissions to execute arbitrary operating system commands. The flaw exists in the Pyodide-based sandbox implementation and affects versions 1.0.0 through 1.999.999. Cyera researchers Vladimir Tokarev and Ofek Itach discovered this vulnerability.

Status: Fixed in version 2.0.0

CVE-2026-21877 – CVSS 10.0

This authenticated remote code execution vulnerability involves unrestricted upload of dangerous file types. It affects versions 0.123.0 through 1.121.2 and was reported by security researcher theolelasseux.

Status: Fixed in version 1.121.3

CVE-2025-68613 – CVSS 9.9

Disclosed in December 2025, this expression injection vulnerability allows attackers to execute arbitrary code via workflow configuration expressions that aren't properly isolated from the underlying runtime. According to Censys, there were 103,476 potentially vulnerable instances as of December 22, 2025.

Status: Fixed in versions 1.120.4, 1.121.1, and 1.122.0

The clustering of these vulnerabilities suggests that workflow automation platforms—particularly those offering code execution capabilities—require significant security scrutiny.

Immediate Actions Required

Based on the severity and exploitability of these vulnerabilities, here's what IT and security leaders should do immediately:

1. Inventory All n8n Deployments

Many organizations have n8n instances deployed by individual teams or departments without central IT awareness. Query your container orchestration platforms, cloud environments, and network segments to identify all running n8n instances.

# Example: Search for n8n containers in Docker environments

docker ps -a | grep n8n

2. Patch Immediately

The remediation path depends on which vulnerabilities affect your specific version:

VulnerabilityAffected VersionsFixed Version

CVE-2026-21858 (Ni8mare) ≤ 1.65.0 1.121.0+

CVE-2025-68668 (N8scape) 1.0.0 – 1.999.999 2.0.0+

CVE-2026-21877 0.123.0 – 1.121.2 1.121.3+

CVE-2025-68613 0.211.0 – 1.120.3 1.120.4+

Recommended action: Upgrade to the latest stable version (currently 2.3.0) to address all known vulnerabilities.

3. Apply Workarounds If Patching Is Delayed

If immediate patching isn't feasible, implement these mitigations:

For Ni8mare (CVE-2026-21858):

  • Restrict or disable publicly accessible webhook and form endpoints
  • Note: There is no official workaround—patching is strongly recommended

For N8scape (CVE-2025-68668):

  • Disable the Code Node entirely:
  • NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]"
  • Or disable Python support specifically:
  • N8N_PYTHON_ENABLED=false
  • Or enable the task runner-based Python sandbox:
  • N8N_RUNNERS_ENABLED=trueN8N_NATIVE_PYTHON_RUNNER=true

4. Audit Access and Secrets

Even after patching, assume compromise if your instances were internet-accessible:

  • Rotate all API keys, OAuth tokens, and credentials stored in n8n
  • Review workflow execution logs for suspicious activity.
  • Check for unauthorized workflow modifications.
  • Audit user accounts for unexpected additions.

5. Implement Network Segmentation

n8n instances should not be directly exposed to the internet. Place them behind:

  • VPN or Zero Trust Network Access (ZTNA) solutions
  • Web Application Firewalls with appropriate rules
  • Network segmentation that limits lateral movement if compromised

Common Mistakes to Avoid

Assuming cloud-hosted means secure – While n8n Cloud instances may be patched by the provider, self-hosted deployments remain your responsibility. Additionally, CVE-2026-21877 affects both self-hosted and cloud versions according to n8n's advisory.

Ignoring shadow deployments – Development teams often spin up n8n instances for automation projects without the security team's awareness. These "shadow" deployments are frequently the most vulnerable because they lack standard security controls.

Treating workflow platforms as low-risk – Because n8n doesn't "look like" traditional infrastructure, security teams sometimes deprioritize it. In reality, workflow automation platforms that handle credentials and execute code represent high-value targets.

Delayed credential rotation – Even after patching, credentials that may have been exposed remain compromised. Many organizations patch quickly but fail to rotate the secrets their n8n instances were storing.

Broader Implications for Workflow Automation Security

This wave of n8n vulnerabilities highlights a growing challenge: workflow automation and AI agent platforms are becoming critical enterprise infrastructure without corresponding security maturity.

n8n is described as "the go-to platform for building automated workflows in the age of AI and AI agents." Its popularity stems from enabling non-technical users to create powerful automations through a drag-and-drop interface. But this accessibility comes with risk—organizations are deploying platforms that handle sensitive credentials and execute code, often without the security scrutiny applied to traditional development infrastructure.

Security leaders should consider:

Governance frameworks for automation platforms – Who can deploy workflow automation tools? What security review is required before connecting sensitive systems?

Credential management integration – Rather than storing secrets directly in n8n, integrate with enterprise secrets management solutions (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) that provide rotation, auditing, and access controls.

Regular security assessments – include workflow automation platforms in the penetration testing scope and in vulnerability management programs.

Looking Ahead

The disclosure timeline for Ni8mare reveals responsible handling: Cyera reported the vulnerability on November 9, 2025, and n8n addressed it in version 1.121.0 released November 18, 2025. The public disclosure today (January 7, 2026) followed the CVE assignment yesterday.

However, the gap between patch availability and widespread adoption means many organizations remain vulnerable nearly two months after the fix was released. Threat actors closely monitor vulnerability disclosures, and public technical details increase the risk of exploitation.

If n8n is part of your technology stack, treat this as a critical security incident requiring immediate response—regardless of whether you've detected actual compromise.

Sources

  1. The Hacker News – "Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control" – January 7, 2026 https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html
  2. Cyera Research Labs – "Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)" – January 7, 2026 https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
  3. BleepingComputer – "Max severity Ni8mare flaw lets hackers hijack n8n servers" – January 7, 2026 https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-lets-hackers-hijack-n8n-servers/
  4. Cyber Security News – "New Critical n8n Vulnerability Allows Attackers to Execute Arbitrary Commands" – January 6, 2026 https://cybersecuritynews.com/critical-n8n-vulnerability/
  5. The Hacker News – "New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands" – January 6, 2026 https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html

Read more