A maximum-severity security flaw was discovered in the n8n automation platform, leaving approximately 100,000 servers vulnerable to complete takeover by unauthenticated attackers. The vulnerability, identified as CVE-2026-21858 and dubbed "Ni8mare" by researchers at security firm Cyera, received a CVSS score of 10.0 and allows an attacker to execute arbitrary code on vulnerable systems without requiring access credentials. n8n is a self-hosted, open-source automation tool that many organizations use to integrate chat applications, forms, cloud storage, databases, and third-party APIs; it has over 100 million Docker downloads and millions of users across thousands of companies.
The root of the problem lies in how n8n processes webhooks, the mechanism used to trigger workflows when data arrives from external systems such as web forms, messaging platforms, or notification services. By exploiting a "Content-Type Confusion" flaw, an attacker can manipulate HTTP headers to overwrite internal variables used by the application, enabling the reading of arbitrary files from the underlying system and escalating the attack to full remote code execution. The vulnerability occurs when a file handling function is executed without first verifying whether the content type is "multipart/form-data", potentially allowing an attacker to overwrite the req.body.files object and control the filepath parameter, enabling them to copy any local system file instead of a user-uploaded file.
The attack can be carried out through multiple stages: using the arbitrary read primitive to access the database located at "/home/node/.n8n/database.sqlite" and load it into the knowledge base, extracting the admin user ID, email, and password hash using the chat interface, using the arbitrary read primitive again to load a configuration file and extract the secret encryption key, using the obtained information to forge a fake session cookie and gain administrative access, and finally achieving remote code execution by creating a new workflow with an "Execute Command" node. The centralization of credentials and access in n8n makes this flaw particularly dangerous, as the platform is frequently trusted with high-value secrets and broad access because it orchestrates workflows across an organization's entire digital estate, connecting countless systems such as organizational Google Drive, OpenAI API keys, Salesforce data, IAM systems, payment processors, customer databases, and CI/CD pipelines.
Cyera reported that they privately disclosed the vulnerability on November 9, 2025, and the n8n security team confirmed the issue the following day, silently releasing a fix on November 18 as part of version 1.121.0, weeks before the bug was publicly assigned a CVE identifier. The vulnerability affects all n8n versions prior to and including 1.65.0, and was fixed in version 1.121.0, although the most recent library versions are 1.123.10, 2.1.5, 2.2.4, and 2.3.0. Data from attack surface management platform Censys indicates 26,512 exposed n8n hosts, with the vast majority located in the United States (7,079), Germany (4,280), France (2,655), Brazil (1,347), and Singapore (1,129). This is the fourth critical vulnerability disclosed by n8n in the past two weeks, including CVE-2025-68613, CVE-2025-68668 (N8scape), and CVE-2026-21877. Users are strongly advised to update to the patched version or later as soon as possible, avoid exposing n8n to the internet, and enforce authentication for all forms, with the recommended temporary workaround being to restrict or disable publicly accessible webhook and form endpoints.
This post was translated and summarized from its original version using AI, with human review.
With information from The Register and The Hacker News