Cybersecurity researchers have revealed a critical vulnerability in n8n that allows remote attackers to gain full control over affected instances through a content-type confusion flaw. This flaw, tracked as CVE-2026-21858, can enable file access, secret extraction, and remote code execution without requiring authentication. #n8n #CVE-2026-21858
Keypoints
- The vulnerability CVE-2026-21858 affects all n8n versions up to 1.65.0 and allows unauthenticated remote attacks.
- The flaw exploits improper handling of Content-Type headers in request processing, leading to file access and command execution.
- Attackers can read sensitive files, forge admin sessions, and escalate to remote code execution by manipulating request data.
- n8n has released version 1.121.0 to address this critical security flaw, which was disclosed in late November 2025.
- Users are advised to upgrade immediately, restrict public access, and enforce authentication on webhook endpoints to mitigate risks.
Read More: https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html