A critical vulnerability (CVSS 10.0) in n8n, a popular workflow automation platform, allows unauthenticated attackers to seize complete control of vulnerable instances. This is a serious issue, and it's essential to understand the implications. Let's dive in.
This flaw, identified as CVE-2026-21858 and nicknamed "Ni8mare" by Cyera Research Labs, exposes a significant security risk. It allows attackers to gain full access to n8n instances without needing any login credentials. Dor Attias from Cyera Research Labs discovered and reported this vulnerability on November 9, 2025.
n8n itself has stated that the vulnerability allows attackers to access files on the underlying server through specific form-based workflows. This could lead to sensitive information being exposed and potentially further system compromises, depending on how the system is set up and used.
This is not an isolated incident. In the past two weeks alone, n8n has disclosed four critical vulnerabilities:
- CVE-2025-68613 (CVSS score: 9.9): This involves improper control of dynamically managed code resources, potentially enabling authenticated attackers to execute code remotely. (Fixed in versions 1.120.4, 1.121.1, and 1.122.0)
- CVE-2025-68668 (CVSS score: 9.9) or N8scape: This is a sandbox bypass vulnerability that could allow an authenticated user to execute arbitrary commands on the host system. (Fixed in version 2.0.0)
- CVE-2026-21877 (CVSS score: 10.0): This vulnerability involves unrestricted file uploads, which could allow an attacker to execute untrusted code. (Fixed in version 1.121.3)
But here's where it gets controversial... Unlike the other vulnerabilities, CVE-2026-21858 doesn't require any credentials. It exploits a "Content-Type" confusion flaw to extract sensitive data, forge administrator access, and even execute arbitrary commands on the server. The vulnerability affects all n8n versions prior to and including 1.65.0. The fix was implemented in version 1.121.0, released on November 18, 2025. Current n8n releases are 1.123.10, 2.1.5, 2.2.4, and 2.3.0.
According to Cyera's technical analysis, the core problem lies within n8n's webhook and file-handling mechanisms. Webhooks are essential for receiving data from apps and services. The issue arises in a function called "parseRequestBody()," which is designed to read the "Content-Type" header and then call another function to parse the request body.
- If the "Content-Type" header is "multipart/form-data," the function "parseFormData()" (the file upload parser) is used.
- For all other content types, "parseBody()" (the regular body parser) is used.
The file upload parser calls the parse() function of formidable, a Node.js module for parsing form data, and stores the decoded result in "req.body.files" on the request object. That parser only runs when the "Content-Type" header is set to "multipart/form-data." In contrast, the regular body parser processes the incoming HTTP request body and stores the extracted data in "req.body."
And this is the part most people miss... CVE-2026-21858 occurs when a file-handling function runs without first verifying the content type as "multipart/form-data," potentially allowing an attacker to override req.body.files. Cyera found this vulnerable flow in the function that handles form submissions ("formWebhook()"), which calls a file-handling function ("copyBinaryFile()") to act on "req.body.files." Dor Attias explained, "Since this function is called without verifying the content type is 'multipart/form-data,' we control the entire req.body.files object. That means we control the filepath parameter -- so instead of copying an uploaded file, we can copy any local file from the system."
The result? Any node after the Form node receives the local file's content instead of what the user uploaded.
How can this attack unfold? Consider a website that uses a chat interface to provide information about various products based on product specification files uploaded to the organizational knowledge base using a Form workflow. A malicious actor could exploit this security hole to read arbitrary files from the n8n instance and escalate it to RCE by:
- Using the arbitrary read to access the database located at "/home/node/.n8n/database.sqlite" and load it into the knowledge base.
- Extracting the administrator's user ID, email, and hashed password using the chat interface.
- Using the arbitrary read again to load a configuration file located at "/home/node/.n8n/config" and extract the encryption secret key.
- Using the obtained user and key information to forge a fake session cookie and obtain admin access, leading to an authentication bypass.
- Achieving RCE by creating a new workflow with an "Execute Command" node.
"The blast radius of a compromised n8n is massive," Cyera stated. "A compromised n8n instance doesn't just mean losing one system -- it means handing attackers the keys to everything. API credentials, OAuth tokens, database connections, cloud storage -- all centralized in one place. n8n becomes a single point of failure and a goldmine for threat actors."
In light of this serious vulnerability, what should you do? Users should upgrade to the patched version or later as soon as possible for optimal protection. You should also avoid exposing n8n to the internet and enforce authentication for all Forms. As temporary workarounds, restrict or disable publicly accessible webhook and form endpoints.
What are your thoughts? Do you think this vulnerability highlights a broader issue in how we handle web application security? Share your perspective in the comments below!