A newly disclosed, maximum-severity vulnerability has been identified in n8n, a widely used workflow automation platform. This critical security flaw allows an unauthenticated remote attacker to gain complete control of affected n8n instances, posing a major threat to users and organizations relying on the platform.
The vulnerability, tracked as CVE-2026-21858 with a perfect CVSS score of 10.0, has been codenamed “Ni8mare.” This flaw enables attackers to abuse n8n’s form-based workflow handling, allowing them to access files on the underlying server and potentially gain elevated or administrative access, all without needing any credentials.
Key Issue:
This vulnerability arises due to improper validation of the “Content-Type” header in incoming webhook requests. n8n uses webhooks to accept data from external sources. When a request is received, n8n’s function for parsing incoming data does not correctly verify whether the request is a legitimate form-data submission. This oversight lets an attacker manipulate or override internal variables that reference uploaded files, making it possible to read any file from the server and, through a series of steps, escalate to full system compromise.
n8n processes incoming webhook requests differently based on the “Content-Type” HTTP header:
If multipart/form-data (typically used for file uploads), it processes files and places them in a global req.body.files variable.
For other content types, data is parsed into a separate req.body variable.
The vulnerable workflow does not properly restrict access to this file-handling mechanism, nor does it verify the content type before invoking file operations.
This allows an attacker to directly control the req.body.files object. By doing so, they can trick the application into copying and accessing any file stored on the server, including sensitive data such as configuration files, databases, and credential stores.
Example Attack Scenario:
A bad actor can exploit this flaw to:
Read the internal database (e.g., /home/node/.n8n/database.sqlite) and extract user or admin credentials.
Retrieve configuration file secrets (e.g., /home/node/.n8n/config), such as encryption keys.
Forge a session cookie using the stolen credentials and secrets to gain administrative access.
Escalate to remote code execution (RCE) by uploading or executing malicious automation workflows.
Because n8n often centralizes connections to APIs, databases, cloud storage, and other resources, compromise of the instance could lead to widespread data exposure and further system attacks.
All versions of n8n up to and including 1.65.0 are vulnerable.
The issue was resolved in version 1.121.0, released on November 18, 2025.
The most recent versions at the time of this writing include 1.123.10, 2.1.5, 2.2.4, and 2.3.0.
Remediation Steps:
Upgrade immediately to at least version 1.121.0, or preferably to the latest available release.
Avoid exposing n8n instances directly to the internet.
Enforce authentication for all forms and workflow endpoints.
As a temporary measure, restrict or disable publicly accessible webhook and form endpoints to minimize exposure.
Over the past two weeks, three other major vulnerabilities have been disclosed and addressed:
CVE-2025-68613 (CVSS 9.9): Allowed remote code execution by authenticated users through improper handling of dynamically-managed code.
CVE-2025-68668 (“N8scape”, CVSS 9.9): Allowed authenticated users to escape sandbox restrictions and execute arbitrary host commands.
CVE-2026-21877 (CVSS 10.0): Allowed dangerous file uploads by authenticated users, leading to full instance compromise.
This vulnerability demonstrates how a single flaw in workflow automation platforms can put a wide range of sensitive data and credentials at risk. Anyone running n8n should upgrade immediately and review their deployment and authentication practices to ensure their systems and data remain safe.