A critical vulnerability in the n8n automation platform enables attackers to access and manipulate files, risking full system compromise. The flaw stems from a Content-Type confusion that allows unauthorized extraction of sensitive data and command execution. #CVET-2026-21858 #Ni8mare
Keypoints
- A critical security flaw affects n8nās webhook and file-handling logic, leading to potential remote code execution.
- The vulnerability involves a Content-Type confusion that misparses uploaded files, allowing file control by attackers.
- Attacks can escalate to full system takeover by extracting databases, configuration files, and forging administrator sessions.
- The issue was patched in n8n version 1.121.0 released on November 18, 2025.
- Organizations running internet-facing instances are urged to update immediately or disable public endpoints temporarily.
Read More: https://www.securityweek.com/critical-vulnerability-exposes-n8n-instances-to-takeover-attacks/