Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Jan 07, 2026
Vulnerability / Automation
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n , a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been acknowledged for discovering and reporting the flaw on November 9, 2025. "A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows," n8n said in an advisory published today. "A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage." With the latest development, n8n has disclosed four critical vulnerabili...
