Full Report
This isn’t good: We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability. References: three technical links and two news links.
Analysis Summary
# Vulnerability: Critical Takeover Flaw in n8n (CVE-2026-21858)
## CVE Details
- CVE ID: CVE-2026-21858
- CVSS Score: 10.0 (Critical)
- CWE: Not specified in the context.
## Affected Systems
- Products: n8n (Automation platform)
- Versions: Prior to 1.121.0
- Configurations: Locally deployed instances.
## Vulnerability Description
A critical vulnerability in n8n allows an attacker to achieve full takeover of locally deployed instances. The flaw appears to be referred to by the name "Ni8mare."
## Exploitation
- Status: High risk implied by the severity; availability of a public proof of concept is not confirmed in the source material, but a CVSS 10.0 rating suggests the flaw is likely to be weaponized.
- Complexity: Not stated; implied Low/Medium given the critical impact.
- Attack Vector: Local (Takeover of locally deployed instances).
## Impact
- Confidentiality: High (Full instance takeover)
- Integrity: High (Full instance takeover)
- Availability: High (Full instance takeover)
## Remediation
### Patches
- Upgrade to n8n version 1.121.0 or later.
### Workarounds
- No official workarounds are available.
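Because the only remediation is a version upgrade, the practical first step for a defender is to find every n8n instance still running a version older than 1.121.0. The following fleet check is an added example and is not code from the advisory or from the n8n project; it assumes a simple host-to-version inventory (constructed below), treats every version before 1.121.0 as affected (the page gives no lower bound), and treats a prerelease build of 1.121.0 as still unpatched. Version strings are compared numerically rather than lexically, because a plain string comparison would wrongly rank "1.9.0" above "1.121.0".

```python
"""Fleet check: which n8n instances are still below the CVE-2026-21858 fix version?"""
import re
from typing import Dict, List, Optional, Tuple

# Fix version taken from the advisory summary: upgrade to 1.121.0 or later.
FIXED_VERSION = "1.121.0"

# Accepts "1.120.4", "v1.120.4" and prerelease forms such as "1.121.0-rc1".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, Optional[str]]]:
    """Return (major, minor, patch, prerelease) or None if the string is unparseable."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, patch, prerelease = match.groups()
    return int(major), int(minor), int(patch), prerelease


def is_affected(version: str) -> Optional[bool]:
    """True if the version predates the fix, False if patched, None if undecidable."""
    parsed = parse_version(version)
    if parsed is None:
        return None  # e.g. "latest" or a build hash: cannot decide, needs manual review
    fixed = parse_version(FIXED_VERSION)
    assert fixed is not None
    core, fixed_core = parsed[:3], fixed[:3]
    if core < fixed_core:
        return True
    if core > fixed_core:
        return False
    # Same major.minor.patch as the fix: a prerelease (1.121.0-rc1) precedes the release.
    return parsed[3] is not None


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts into affected / patched / unknown for an upgrade work queue."""
    buckets: Dict[str, List[str]] = {"affected": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        buckets[key].append(host)
    return buckets


# Constructed sample inventory (hypothetical hostnames and versions, not real data).
SAMPLE_INVENTORY = {
    "n8n-prod-01": "1.120.4",
    "n8n-prod-02": "1.121.0",
    "n8n-staging": "1.121.0-rc1",
    "n8n-legacy": "1.9.0",
    "n8n-dev": "latest",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:9s} {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket (a tag such as `latest` or an image digest) should be resolved to a concrete version before being treated as patched; the check deliberately refuses to guess.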
## Detection
- Detection methods and specific Indicators of Compromise (IOCs) are not detailed in the provided summary. In their absence, detection should focus on monitoring n8n hosts for unusual administrative actions, unexpected user or credential creation, and unauthorized workflow or configuration changes.
## References
- Vendor Advisory (n8n Security Advisory): `https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg`
- Technical Research Link: `https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858`
- Vendor Communication: `https://community.n8n.io/t/security-advisory-security-vulnerability-in-n8n-versions-1-65-1-120-4/247305`
- News Coverage: `https://www.cybersecuritydive.com/news/critical-vulnerability-n8n-automation-platform/809360/`
- News Coverage: `https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-impacts-nearly-60-000-n8n-instances/`