CVE-2026-21858

Published Jan 8, 2026

Last updated 11 hours ago

n8n

Ni8mare

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-21858, dubbed "Ni8mare" by Cyera Research Labs, is a critical vulnerability found in the n8n workflow automation platform. The flaw stems from a "Content-Type confusion" issue within the `formWebhook()` function, which is responsible for handling form submissions. This function fails to adequately verify that the incoming HTTP request's `Content-Type` header is set to "multipart/form-data" before processing files. This oversight allows an unauthenticated attacker to manipulate the `req.body.files` object by sending specially crafted requests. By exploiting this, an attacker can achieve arbitrary file reads from the n8n server and potentially escalate their access to execute arbitrary commands on the underlying system. The vulnerability affects n8n versions up to and including 1.65.0 and was addressed in version 1.121.0, released on November 18, 2025.

Description: n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
Source: security-advisories@github.com
NVD status: Undergoing Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 5.8
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-20

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 30

References