New n8n Vulnerability (CVE-2026-21858) Allows Unauthenticated File Access and RCE

Cybersecurity researchers uncovered a critical vulnerability (CVE-2026-21858) in the n8n workflow automation platform that could lead to full system compromise. This flaw allows attackers to access sensitive files and escalate to administrative control, emphasizing the importance of timely patching and security measures.

Key points

  • The vulnerability affects all n8n versions up to 1.65.0 and was fixed in version 1.121.0.
  • It exploits Content-Type confusion in how n8n handles form submissions and file uploads.
  • Attackers can override req.body.files, leading to unauthorized file access on the server.
  • The flaw can be exploited to extract administrator credentials and achieve remote code execution.
  • Users are advised to update to newer versions, restrict external access, and enforce authentication on webhooks.
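
The Content-Type confusion named in the key points, as an added generic sketch (not n8n's code): a handler that trusts req.body.files beside one that accepts file records only from a multipart parser, plus a check that flags the mismatch. The function names, the uploadedFiles property and the sample requests are hypothetical and constructed for illustration.

```javascript
'use strict';

// Media type without parameters, e.g. "multipart/form-data".
function mediaType(req) {
  const raw = String((req.headers || {})['content-type'] || '');
  return raw.split(';')[0].trim().toLowerCase();
}

// Weak pattern: trusts whatever sits under body.files, even when the body
// was parsed as JSON and every key in it is client-controlled.
function filesWeak(req) {
  return (req.body && req.body.files) || {};
}

// Hardened pattern: file records are accepted only when the request is
// multipart AND they come from a property that only the server-side upload
// parser sets (req.uploadedFiles is a hypothetical name for that property).
function filesHardened(req) {
  if (mediaType(req) !== 'multipart/form-data') return {};
  return req.uploadedFiles || {};
}

// Detection helper: a "files" key in a non-multipart body is the mismatch
// worth logging or rejecting at the webhook or reverse proxy.
function isContentTypeMismatch(req) {
  const hasFilesKey = Boolean(req.body) && typeof req.body === 'object' &&
    Object.prototype.hasOwnProperty.call(req.body, 'files');
  return hasFilesKey && mediaType(req) !== 'multipart/form-data';
}

// Constructed sample requests (already-parsed shape, not captured traffic).
const multipartReq = {
  headers: { 'content-type': 'multipart/form-data; boundary=x' },
  body: { name: 'alice' },
  uploadedFiles: { doc: { originalName: 'report.pdf', size: 1024 } },
};
const jsonReq = {
  headers: { 'content-type': 'application/json' },
  body: { name: 'alice', files: { doc: { clientSupplied: true } } },
};

function summarize(req) {
  return {
    weak: Object.keys(filesWeak(req)),
    hardened: Object.keys(filesHardened(req)),
    flagged: isContentTypeMismatch(req),
  };
}

console.log('multipart:', summarize(multipartReq));
console.log('json     :', summarize(jsonReq));
```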

Read More: https://thecyberexpress.com/cve-2026-21858-n8n-webhook-vulnerability/