Technical Advisory: n8n Unauthenticated Remote Code Execution (Ni8mare)

Giuseppe Trovato
Head of Research

Critical unauthenticated remote code execution vulnerability in n8n workflow automation allows attackers to exploit content-type confusion in Form webhook file upload processing to read arbitrary files, steal credentials, and execute arbitrary code on the server.

Disclosed: January 7, 2026

Severity: Critical (CVSS 10.0)

Package/Component: n8n (Form webhook node)

Advisories: CVE-2026-21858

Exploitation Status: Proof-of-concept code publicly available; immediate exploitation risk given unauthenticated attack vector and widespread internet exposure

Executive Summary

What Happened: Cyera researchers discovered a critical-severity vulnerability called "Ni8mare" in the n8n workflow automation platform. This flaw allows unauthenticated attackers to execute remote code and take over systems completely. It affects over 100,000 servers worldwide. The platform has 50,000+ weekly npm downloads and over 100 million Docker Hub pulls.

Why It Matters:

  • Supply Chain Risk: n8n serves as automation infrastructure connecting multiple business systems, making it a high-value target for attackers seeking to pivot into connected services and extract credentials across the entire technology stack.
  • Operational Continuity: Complete system compromise enables attackers to disrupt critical business workflows, manipulate automated processes, and inject malicious logic into production automation pipelines.
  • AI/Automation Security: As organisations deploy agentic AI systems that rely on workflow automation platforms, vulnerabilities in the underlying infrastructure create direct pathways to compromise autonomous agents and their connected data sources.
  • Regulatory Compliance: Exploitation could result in unauthorised access to sensitive data processed through automated workflows, triggering breach notification requirements and regulatory scrutiny.

High-Level Risks:

  • Unauthorised access to all credentials and secrets stored in n8n workflows
  • Complete control over automated business processes and data pipelines
  • Lateral movement into connected enterprise systems and APIs
  • Data exfiltration from integrated services without detection

Immediate Actions:

  1. Upgrade all n8n instances to version 1.121.0 or later immediately
  2. Audit workflow configurations for exposed webhook endpoints
  3. Rotate all credentials and API keys stored in n8n workflows
  4. Review access logs for suspicious webhook activity

Overview

CVE-2026-21858 is a content-type confusion vulnerability in n8n’s Form webhook node that allows unauthenticated remote attackers to read arbitrary files from the host system, extract authentication secrets, and achieve remote code execution. The flaw stems from the Form webhook node’s failure to validate HTTP Content-Type headers before processing file uploads, enabling attackers to bypass secure parsing mechanisms and gain complete control over the n8n instance.

Vulnerability Context: This disclosure is part of a pattern of critical security issues in n8n, including CVE-2026-21877 (CVSS 10.0), CVE-2025-68613 (CVSS 9.9), and CVE-2025-68668 (CVSS 9.9), all providing pathways to system compromise through various attack vectors.

Risk Analysis

This threat is particularly concerning in the context of agentic AI systems due to:

  1. Automation Infrastructure Compromise: n8n functions as central orchestration infrastructure for AI agents, meaning successful exploitation provides attackers with control over autonomous agent workflows, decision-making processes, and data access patterns across the entire deployment.
  2. Credential Harvesting at Scale: The vulnerability enables extraction of all stored API keys, OAuth tokens, database credentials, and secrets used by automated workflows, providing attackers with a comprehensive map of enterprise integrations and privileged access to connected systems including cloud storage, CI/CD pipelines, and business-critical databases.
  3. Unauthenticated Attack Surface: The flaw requires no authentication and has low attack complexity, making it trivially exploitable against internet-facing instances. With proof-of-concept code publicly available, over 100,000 vulnerable servers identified, and widespread internet exposure, the attack surface is extensive and actively targeted.

Technical Details

The vulnerability stems from a fundamental flaw in how n8n’s Form webhook node processes incoming data:

  1. Content-Type Confusion:
    • n8n implements two separate parsing mechanisms for handling incoming webhook requests
    • For multipart/form-data requests, n8n uses a secure upload parser that generates random temporary file paths, preventing path traversal attacks
    • For other content types (e.g., application/json), n8n uses a standard body parser without file upload validation
    • The Form webhook node’s file-handling function runs without verifying the Content-Type header is set to multipart/form-data
  2. Exploitation Chain:
    • Attacker sends a request to a Form webhook endpoint
    • Changes the Content-Type header from multipart/form-data to application/json
    • Crafts a JSON payload that manually populates req.body.files[].filepath with arbitrary system paths (e.g., /etc/passwd, /home/node/.n8n/database.sqlite)
    • n8n’s regular body parser processes the JSON, allowing the attacker to override the req.body.files object with attacker-controlled values
    • The file-handling function copies the specified file from the arbitrary path into accessible storage
    • Attacker retrieves sensitive files including the SQLite database containing user records, credentials, and encryption keys
  3. Privilege Escalation to RCE:
    • Extracted database and encryption keys from /home/node/.n8n/database.sqlite and /home/node/.n8n/config enable attackers to forge valid JWT session cookies
    • Authentication bypass grants administrative access to the n8n instance
    • Admin privileges allow creation of workflows containing “Execute Command” nodes
    • Arbitrary command execution achieves full system compromise with the privileges of the n8n process

Impact

Systems affected by this threat may experience:

  • Complete compromise of the n8n instance and underlying host system
  • Extraction of all stored credentials, API keys, OAuth tokens, and database passwords
  • Unauthorised access to connected enterprise systems and third-party services
  • Data exfiltration from integrated databases, APIs, and knowledge bases
  • Manipulation or destruction of automated workflows and business processes
  • Deployment of persistent backdoors in workflow automation logic
  • Lateral movement into production infrastructure via stolen credentials
  • Exposure of sensitive business data including API keys, OAuth tokens, database credentials, cloud storage access, and CI/CD secrets

Affected Versions

The following versions are known to be affected:

  • n8n: All versions prior to 1.121.0
  • Deployment Scope: Self-hosted n8n instances (all sources confirm self-hosted deployments are affected; n8n Cloud status not addressed in advisories)

Check Your Version:

# For npm installations
npm list n8n

# For Docker installations
docker exec <container_name> n8n --version

# Or check the n8n UI: Settings → About

Immediate Mitigation Steps

Important Note: No official workarounds exist for this vulnerability. The following are risk reduction measures; upgrading to version 1.121.0 or later is the only complete remediation.

  1. Upgrade to Patched Version (Required):
    # For npm installations
    npm install -g n8n@latest
    # Verify version 1.121.0 or higher
    npm list n8n

    # For Docker deployments
    docker pull n8nio/n8n:latest
    docker-compose down && docker-compose up -d
    # Verify version
    docker exec <container_name> n8n --version
  2. Reduce Attack Surface (Temporary risk reduction only):
    • Immediately restrict external access to n8n instances
    • Place n8n behind VPN or private network segments
    • Disable publicly accessible webhook and form endpoints where not required
    • Implement IP allowlisting for webhook endpoints that must remain public
    • Enable authentication requirements on all Form webhook nodes
  3. Incident Response and Detection:
    • Review n8n access logs for suspicious webhook requests since November 2025
    • Search for unusual Content-Type headers in webhook access logs (e.g., application/json on Form endpoints that expect multipart/form-data)
    • Look for requests to Form webhook endpoints with JSON payloads containing file-related keys
    • Audit all workflows for unauthorised modifications or newly created “Execute Command” nodes
    • Check system logs for unusual process execution from the n8n user account
    • Investigate outbound network connections from n8n processes to unexpected endpoints
    • Scan for unauthorised file modifications in directories accessible to the n8n process
  4. Credential Rotation and System Integrity:
    • Rotate all API keys, database credentials, and secrets accessible to n8n processes immediately
    • Review host system integrity for signs of compromise (unauthorised users, cron jobs, SSH keys)
    • Check cloud provider audit logs for unauthorised access using potentially extracted credentials
    • Scan for backdoors, webshells, or persistence mechanisms on affected systems
    • Review connected systems for signs of lateral movement or unauthorised access
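As an added example (not from the advisory or n8n), this Node.js snippet implements the two log-based checks from the detection step above over constructed log lines: flagging non-multipart POSTs to Form endpoints, and testing whether a captured JSON body tries to supply file entries. It assumes a proxy log format that records the request Content-Type and that Form endpoints are served under /form/ and /form-test/; adjust both to your deployment.

```javascript
// Constructed reverse-proxy log lines in a hypothetical format:
//   <iso-time> <method> <path> <status> <content-type>
// Real deployments must log the request Content-Type (e.g. nginx's $content_type)
// for this check to work; the format and the path prefix are assumptions.
const SAMPLE_LOG = [
  '2025-12-01T10:00:01Z POST /form/abc123 200 multipart/form-data; boundary=----x',
  '2025-12-01T10:00:09Z POST /form/abc123 200 application/json',
  '2025-12-01T10:01:22Z GET /form/abc123 200 -',
  '2025-12-01T10:02:30Z POST /webhook/other 200 application/json',
  '2025-12-01T10:03:45Z POST /form-test/abc123 200 text/plain',
];

// Assumed prefix for n8n Form webhook endpoints (production and test URLs).
const FORM_PATH = /^\/form(-test)?\//;

function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) (\S+) (\d{3}) (.*)$/);
  if (!m) return null;
  return { time: m[1], method: m[2], path: m[3], status: Number(m[4]), contentType: m[5] };
}

// Flags POSTs to Form endpoints whose Content-Type is not multipart/form-data,
// the header mismatch described in the Technical Details section.
function flagContentTypeMismatch(lines) {
  return lines
    .map(parseLine)
    .filter((e) => e && e.method === 'POST' && FORM_PATH.test(e.path) &&
      !e.contentType.toLowerCase().startsWith('multipart/form-data'));
}

// For WAF or body-logging setups: does a JSON body carry file entries with
// filepath keys, i.e. the payload shape the advisory describes?
function bodySuppliesFilePaths(jsonText) {
  let body;
  try { body = JSON.parse(jsonText); } catch (e) { return false; }
  const files = body && body.files;
  return Array.isArray(files) &&
    files.some((f) => f && typeof f === 'object' && 'filepath' in f);
}
```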

Long-term Recommendations

  1. Architecture Security:
    • Deploy n8n in isolated network segments with strict firewall rules
    • Implement network segmentation between n8n and production data sources
    • Use dedicated service accounts with least-privilege access for n8n integrations
    • Deploy Web Application Firewall (WAF) rules to monitor webhook traffic patterns and detect Content-Type manipulation
    • Run n8n processes with minimal user privileges (non-root, restricted file system access)
  2. Secrets Management:
    • Migrate credentials from n8n storage to external secrets management solutions
    • Implement credential rotation policies for all n8n-stored secrets
    • Use short-lived tokens and OAuth flows instead of long-term API keys where possible
    • Enable audit logging for all secrets access and modifications
    • Avoid storing sensitive credentials in environment variables; use encrypted secret stores
  3. Monitoring and Detection:
    • Implement continuous monitoring for n8n webhook endpoint activity
    • Alert on anomalous Content-Type headers or unexpected file access patterns
    • Monitor for privilege escalation attempts and new admin account creation
    • Establish baseline behaviour profiles for workflow execution patterns
    • Integrate n8n audit logs with SIEM systems for correlation with other security events
    • Monitor for child processes spawned by n8n with unusual command-line arguments

Framework Context

This incident aligns with multiple security frameworks:

OWASP Agentic Security & Integrity (ASI) 2026:

  • ASI02:2026 Tool Misuse and Exploitation - Form webhook node exploited beyond intended automation boundaries to achieve arbitrary file read and credential extraction, bypassing secure upload parser mechanisms through Content-Type manipulation
  • ASI03:2026 Identity and Privilege Abuse - Extracted credentials and encryption keys enable attackers to forge valid JWT session cookies, escalating from unauthenticated access to administrative privileges across the n8n instance and connected systems
  • ASI04:2026 Agentic Supply Chain Vulnerabilities - n8n as foundational workflow automation infrastructure creates cascading risk across dependent business processes, AI agent deployments, and enterprise integrations
  • ASI05:2026 Unexpected Code Execution (RCE) - Content-Type confusion vulnerability enables privilege escalation from arbitrary file read to remote code execution through forged admin sessions and “Execute Command” workflow nodes

OWASP Agentic AI Threats & Mitigations (AATM) v1.0:

  • T2 Tool Misuse - Webhook endpoint and Form node misused through Content-Type header manipulation to access file system resources beyond intended automation scope
  • T3 Privilege Compromise - Authentication bypass achieved through credential extraction from configuration files and database, enabling privilege escalation from anonymous attacker to authenticated administrator
  • T11 Unexpected RCE - Content-Type confusion converts webhook input processing into arbitrary command execution through multi-stage exploitation chain (file read → credential theft → admin access → code execution)

OWASP LLM Top 10 (2025):

  • LLM03:2025 Supply Chain - n8n dependency vulnerability creates systemic exposure across AI automation workflows, agent orchestration platforms, and connected enterprise systems
  • LLM06:2025 Excessive Agency - Workflow automation system grants excessive file system access privileges without proper Content-Type validation, enabling unauthenticated attackers to read arbitrary files and extract sensitive credentials

Common Weakness Enumeration (CWE):

  • CWE-351 Insufficient Type Distinction - Content-Type confusion allows attackers to trigger unintended code paths by manipulating HTTP request headers, bypassing secure upload parser mechanisms and enabling arbitrary file path specification

Timeline

  • November 9, 2025: Vulnerability reported to n8n
  • November 18, 2025: Patched version 1.121.0 released
  • January 6, 2026: CVE-2026-21858 assigned
  • January 7, 2026: Public disclosure by Cyera Research Labs

Updates

We will update this analysis as more information becomes available. Please monitor our security channels for the latest updates.
