Critical Vulnerability Exposes N8n Instances to Takeover Attacks

Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication.


A critical-severity vulnerability in the n8n workflow automation platform allows attackers to take over vulnerable instances, data security firm Cyera warns.

N8n has over 100 million Docker pulls, provides numerous integrations and a drag-and-drop interface, and is used by thousands of enterprises.

Tracked as CVE-2026-21858 (CVSS score 10/10), the newly disclosed n8n vulnerability affects the platform’s webhook and file-handling logic and could lead to unauthenticated access to arbitrary files.

“A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,” n8n’s advisory reads.

According to Cyera Research Labs researcher Dor Attias, who was credited with finding the bug and named it Ni8mare, the issue is a Content-Type confusion: by changing the Content-Type header of a request, an attacker makes n8n hand the body to the wrong parser.

Because the function that copies an uploaded file from its temporary location to persistent storage is called without checking which parser produced its input, the attacker can supply the filepath parameter directly in the request body and have any readable local file copied in place of an upload.


The security defect, Attias explains, can allow attackers to extract sensitive information and use it to completely compromise an n8n instance.

He first intercepted the HTTP request sent when uploading a file using the Form node, which is the interface that allows users to interact with workflows.

Next, Attias changed the content type and crafted the request body to control the filepath, allowing him to load the internal “passwd” file into the organizational knowledge base.

“To retrieve the content of that internal file, all we need to do is ask about it through the chat interface,” he notes.

The bug can be further exploited for code execution, Attias says.

An attacker can trigger it to load n8n’s entire database and its configuration file to retrieve sensitive information, allowing them to forge a session cookie and log in as administrator. Then, they simply create a new workflow for command execution.

“The blast radius of a compromised n8n is massive. n8n connects countless systems, your organizational Google Drive, OpenAI API keys, Salesforce data, IAM systems, payment processors, customer databases, CI/CD pipelines, and more,” Attias explains.

The vulnerability was addressed in n8n version 1.121.0, which was released on November 18, 2025.

All internet-facing n8n instances running a version earlier than 1.121.0 are at risk of complete takeover and should be upgraded as soon as possible, especially now that Cyera has published technical details on how the bug can be triggered.

“No official workarounds are available. As a temporary mitigation, users may restrict or disable publicly accessible webhook and form endpoints until upgrading,” n8n notes.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
