A critical (CVSS 10) vulnerability in the n8n AI workflow automation platform lets any unauthenticated user log in as a system administrator, grab whatever files and folders the instance is plugged into, and then pivot to full code execution.
The bug was quietly patched on November 18, and now has a CVE allocated (CVE-2026-21858). On-premises users should upgrade to version 1.121.0 or later, avoid exposing n8n to the internet like the plague, and require authentication for all forms they create, urged security firm Cyera today.
The vulnerability should not be confused with the n8n bug CVE-2026-21877, which has attracted some controversy among security researchers after it was allocated a CVSS 10 rating despite requiring authentication to exploit, or with the two other CVSS 9.9 vulnerabilities n8n has disclosed in the last two weeks (CVE-2025-68613 and CVE-2025-68668), which bring the total to four critical CVEs since December 23.
Cyera security researcher Dor Attias, who found and reported the bug (n8n’s team responded within a day and patched within a week – kudos), wrote in a detailed vulnerability breakdown on Wednesday: “The blast radius of a compromised n8n is massive. n8n [is often found] connecting countless systems, your organizational Google Drive, OpenAI API keys, Salesforce data, IAM systems, payment processors, customer databases, CI/CD pipelines, and more. It’s the central nervous system of your automation infrastructure.”
He added: “Imagine a large enterprise with 10,000+ employees with one n8n server that anyone uses. A compromised n8n instance (…) means handing attackers the keys to everything. API credentials, OAuth tokens, database connections, cloud storage - all centralized in one place.”
Small function flaw, big fallout
The vulnerability stems from a flaw in the n8n webhook and file handling mechanism. The bug exists in a legitimate workflow where a function for a file upload is called without accurately verifying the content type.
Cyera found a flaw in how n8n's webhook functions parse incoming requests, meaning attackers could manipulate request parsing logic and override file handling mechanisms to access internal files.
Because n8n is a workflow automation tool, this exposes any files and secret data available to the tool. Administrator login details could then be retrieved and manipulated to bypass authentication and achieve RCE. The Cyera report goes into more detail on how this can be achieved by a hypothetical threat actor.
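The three pieces of advice Cyera gives above (upgrade to 1.121.0 or later, keep n8n off the internet, require authentication on every form) can be turned into a quick inventory triage. The script below is an added example, not code from Cyera or the n8n project; the inventory it checks is constructed sample data, and the hostnames, version strings and flags are assumptions about how a team records its deployments.

```python
import re
from dataclasses import dataclass

# First release the article names as fixed for CVE-2026-21858.
FIXED_VERSION = (1, 121, 0)


@dataclass
class N8nInstance:
    name: str                 # hypothetical inventory label
    version: str              # version string as recorded for the deployment
    internet_exposed: bool    # reachable without VPN/SSO in front of it
    forms_require_auth: bool  # every form the instance serves requires authentication


def parse_version(v: str) -> tuple:
    """Turn '1.121.0' or 'v1.120.3-rc1' into a comparable (major, minor, patch) tuple.
    Pre-release suffixes are ignored: an rc of 1.121.0 is treated as 1.121.0."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version: str) -> bool:
    return parse_version(version) >= FIXED_VERSION


def triage(inst: N8nInstance) -> list:
    """Return one finding per piece of remediation advice the instance still violates."""
    findings = []
    if not is_patched(inst.version):
        findings.append(f"upgrade: {inst.version} is below 1.121.0 (CVE-2026-21858 unfixed)")
    if inst.internet_exposed:
        findings.append("exposure: reachable from the internet; restrict or front with VPN/SSO")
    if not inst.forms_require_auth:
        findings.append("forms: at least one form accepts submissions without authentication")
    return findings


def prioritise(inventory: list) -> list:
    """Rank instances by number of open findings, worst first (ties broken by name)."""
    ranked = [(len(triage(i)), i.name, triage(i)) for i in inventory]
    ranked.sort(key=lambda t: (-t[0], t[1]))
    return ranked


# Constructed sample inventory; these are not real hosts.
SAMPLE = [
    N8nInstance("ops-n8n", "1.118.2", True, False),
    N8nInstance("lab-n8n", "v1.121.0", True, True),
    N8nInstance("internal-n8n", "1.122.1", False, True),
]
```

Running `prioritise(SAMPLE)` puts the unpatched, internet-facing instance with open forms at the top and the patched, internal one with no findings at the bottom.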
Censys said it is tracking over 25,000 n8n hosts that are exposed to the internet and therefore form an active attack surface; however, there have been no reports of exploitation in the wild yet.
The Aikido security report on the vulnerability said the bug allowing “unauthenticated access to publicly exposed Forms or Webhooks” would “primarily affect self-hosted deployments rather than managed SaaS environments.” Managed systems don’t expose files the same way in n8n, according to Aikido's researchers.
The founder of n8n, Jan Oberhauser, took to LinkedIn on Thursday celebrating a recent fundraising round he participated in as an angel investor, but hasn't mentioned the bout of security flaws plaguing the software over the last few weeks.