Critical Vulnerability Discovered in n8n Automation Platform
A newly discovered, critical vulnerability – dubbed “Ni8mare” (CVE-2026-21858, CVSS 10.0) – poses a notable threat to organizations utilizing the n8n automation platform.The vulnerability allows attackers to remotely execute code on affected servers without authentication, potentially granting complete control of the system. This impacts an estimated 100,000 servers globally.
Understanding the Ni8mare Vulnerability
The Ni8mare vulnerability lies within n8n’s code adn,according to research from Cyera, enables unauthenticated remote code execution (RCE). RCE vulnerabilities are among the most severe, as they allow malicious actors to run arbitrary code on a compromised system. In the case of n8n, this means an attacker could potentially steal sensitive data, disrupt operations, or use the server as a launchpad for further attacks. The lack of authentication required to exploit this vulnerability substantially amplifies the risk.
Who is Affected?
The vulnerability impacts locally deployed instances of n8n versions 1.65 through 1.120.4. n8n is a popular choice for automating workflows and integrating various applications, making it a key component of many organizations’ digital infrastructure. As of its widespread use, the potential fallout from this vulnerability is considerable. It’s vital to note that cloud instances managed directly by n8n are not instantly affected, but self-hosted instances are at high risk.
Immediate Action Required: upgrade to Version 1.121.0 or Later
Currently, no official workarounds are available to mitigate the vulnerability. The only recommended course of action is to upgrade to version 1.121.0 or later as soon as possible. This update contains the necessary patches to address the security flaw. Organizations are urged to prioritize this upgrade to prevent potential exploitation.
Further Resources and Technical Details
Several resources provide more in-depth technical details about the vulnerability and its exploitation:
- n8n Community Forum Discussion: Provides a platform for users to discuss the vulnerability and share experiences.
- The Hacker News: Offers a news report detailing the vulnerability and potential attack vectors.
- NIST national Vulnerability Database: Provides a technical overview of the vulnerability,including its CVSS score and potential impact.(Note: the provided URL in the source directs to CVE-2025-68668, while the article references CVE-2026-21858. This has been verified to be a discrepancy, and the CVE-2026-21858 is the correct identifier for the n8n vulnerability as per Cyera’s report.)
- Cybersecurity Dive: Offers industry-specific coverage of the vulnerability and its implications.
- BleepingComputer: Provides a detailed analysis of the vulnerability and its potential impact on nearly 60,000 n8n instances.
Preventative Measures and Best Practices
beyond upgrading to the latest version of n8n, organizations should consider these preventative measures:
- Regular Security Audits: Regularly audit your n8n instances and surrounding infrastructure for vulnerabilities.
- Principle of Least Privilege: Ensure that n8n is running with the minimum necessary permissions.
- Network Segmentation: Isolate n8n instances from other critical systems on your network.
- Monitoring and Alerting: Implement robust monitoring and alerting systems to detect suspicious activity.
Posted on January 20, 2026 at 11:48:09
•
1 Comments
