
Cybersecurity researchers have detailed yet another maximum-severity security flaw in n8n, a popular workflow automation platform. This flaw allows an unauthenticated, remote attacker to gain complete control of a susceptible instance.
This vulnerability is tracked as CVE-2026-21858 (CVSS score: 10.0) and codenamed “Ni8mare” by Cyera Research Labs. Security researcher Dor Attias is credited with discovering and reporting this flaw on November 9, 2025.
“The n8n vulnerability allows an attacker to gain access to files on the underlying server through the execution of certain form-based workflows,” n8n said in an advisory published today. “A vulnerable workflow could allow access to an unauthenticated, remote attacker. This could compromise sensitive information stored on the system and, depending on the deployment configuration and usage of the workflow, could lead to further compromise.”
With the latest development, n8n has disclosed four critical vulnerabilities in the past two weeks. The other three are:
- CVE-2025-68613 (CVSS score: 9.9) – Improper control of dynamically managed code resources that could allow an authenticated attacker to achieve remote code execution (RCE) under certain conditions (fixed in versions 1.120.4, 1.121.1, and 1.122.0)
- CVE-2025-68668, aka N8scape (CVSS score: 9.9) – A sandbox bypass that could allow an authenticated user with permission to create or modify workflows to execute arbitrary commands on the host running n8n (fixed in version 2.0.0)
- Possible execution of untrusted code through the service, leading to complete compromise of the instance (fixed in version 1.121.3)

Unlike those flaws, CVE-2026-21858 requires no credentials: it stems from a Content-Type confusion that an unauthenticated attacker can leverage to extract sensitive secrets, forge administrator access, and ultimately execute arbitrary commands on the server.
The vulnerability affects n8n versions from 1.65.0 up to, but not including, 1.121.0, which was released on November 18, 2025 and resolves the issue. The latest versions of the software are 1.123.10, 2.1.5, 2.2.4, and 2.3.0.
According to technical details Cyera shared with The Hacker News, the root of the issue lies in n8n's webhook and file handling. Webhooks receive data from external apps and services when particular events occur, and n8n triggers the corresponding workflow after the incoming request has been parsed by a function named parseRequestBody().
This function reads the request's Content-Type header and hands the body to one of two parsers:
- If the header is multipart/form-data, indicating form data, it calls parseFormData() (the "file upload parser").
- For every other content type, it calls parseBody() (the "regular body parser").

The file upload parser relies on the parse() function of formidable, a Node.js module for parsing form data, and stores the decoded result on the request object as req.body.files, which the webhook then processes. This parser only runs when the Content-Type header is multipart/form-data.
The regular body parser, by contrast, processes the body of any other incoming HTTP request (a JSON document, for instance) and stores the decoded data in req.body.
CVE-2026-21858 arises when a file-handling function is executed without first checking that the content type is multipart/form-data. Because the regular body parser writes whatever it decodes into req.body, a JSON body with a top-level "files" key ends up in req.body.files, letting the attacker populate the very object the file-upload path trusts. According to Cyera, such a vulnerable flow exists in the function that handles form submissions, formWebhook(), which calls the file-handling function copyBinaryFile() to operate on req.body.files.
“Here’s the problem: This function is called without checking that the content type is ‘multipart/form-data’, so it ends up controlling the entire req.body.files object,” Attias said. “That means you control the file path parameters. Instead of copying uploaded files, you can copy any local file from your system.”
“What’s the result? Nodes after the form node receive the content from the local file, not what the user uploaded.”

To see how an attack might unfold, consider a website with a chat interface that answers questions about products based on specification files uploaded to the organization's knowledge base through a form workflow. With this configuration in place, an attacker can exploit the flaw to read arbitrary files from the n8n instance and then take the following steps to escalate to RCE.
1. Use the arbitrary file read primitive to load the database at /home/node/.n8n/database.sqlite into the knowledge base.
2. Use the chat interface to extract the administrator's user ID, email address, and hashed password from it.
3. Use the read primitive again to load the configuration file at /home/node/.n8n/config and extract the instance's encryption key.
4. Use the recovered user details and key to forge a session cookie.
5. Use the forged cookie to gain administrator access and create a new workflow containing a “Run Command” node, turning the authentication bypass into RCE.
“The blast radius of a compromised n8n is vast,” Cyera said. “A compromised n8n instance doesn’t just mean losing one system; it means giving the attacker the keys to everything. API credentials, OAuth tokens, database connections, and cloud storage are all centralized in one place. n8n becomes a single point of failure and a gold mine for threat actors.”
Given the severity of the flaw, users are advised to upgrade to a patched version (1.121.0 or later) as soon as possible, avoid exposing n8n directly to the internet, and enforce authentication on all forms. As a temporary workaround, restrict or disable publicly accessible webhook and form endpoints.
