Alerts

Critical Vulnerability in n8n Platform

13 January 2026

n8n has released security update addressing a critical vulnerability (CVE-2026-21858) of their workflow automation platform. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Background

n8n has released security update addressing a critical vulnerability (CVE-2026-21858) affecting their workflow automation platform. The vulnerability has a Common Vulnerability Scoring System (CVSS3.1) score of 10 out of 10.

Impact

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage.

Known Exploitation

The proof of concept exploit is reportedly publicly available.

Affected Products

The vulnerability affects the following product versions:

Versions starting with 1.65.0 and below 1.121.0

Recommendations

Users and administrators of affected product versions are advised to update to the latest versions immediately.

If immediate patching is not feasible, administrators may consider restricting access to publicly accessible webhook and form endpoints or take the instance offline until it can be patched.

References

https://github.com/Chocapikk/CVE-2026-21858

https://www.rapid7.com/blog/post/etr-ni8mare-n8scape-flaws-multiple-critical-vulnerabilities-affecting-n8n/

https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg

https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Critical Vulnerability in n8n Platform

Reach us