Latest: Max Severity Ni8mare Flaw Impacts Nearly 60,000 N8n Instances

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."

n8n is an open-source workflow automation platform that allows users to connect different applications and services via pre-built connectors and a visual, node-based interface to automate repetitive tasks without writing code.

The automation platform is widely used in AI development to automate data ingestion and build AI agents and RAG pipelines. It has over 100 million pulls on Docker Hub and over 50,000 weekly downloads on npm.

Since n8n serves as a central automation hub, it often stores API keys, OAuth tokens, database credentials, cloud storage access, CI/CD secrets, and business data, making it an attractive target for threat actors.

Tracked as CVE-2026-21858, the flaw stems from an improper input validation weakness that allows remote, unauthenticated attackers to take control of locally deployed n8n instances after first gaining access to files on the underlying server.

"A vulnerable workflow could grant access to an unauthenticated remote attacker. This could potentially result in exposure of information stored on the system and may enable further compromise depending on deployment configuration and workflow usage," the n8n team explained.

"An n8n instance is potentially vulnerable if it has an active workflow with a Form Submission trigger accepting a file element, and a Form Ending node returning a binary file."

Over the weekend, the Internet security watchdog group Shadowserver found 105,753 unpatched instances exposed online; by Sunday, 59,558 remained exposed, with more than 28,000 of those IPs located in the United States and over 21,000 in Europe.

To block potential attacks, admins are advised to upgrade their n8n instances to version 1.121.0 or later as soon as possible.

While n8n developers said that there is no official workaround available for Ni8mare, admins who can't immediately upgrade may be able to block potential attacks by restricting or disabling publicly accessible webhook and form endpoints.
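For administrators who want to check where they stand, the following Python script is an added example (not code from BleepingComputer or the n8n project). It audits exported n8n workflow JSON for the configuration the advisory describes (an active workflow whose Form Submission trigger accepts a file element and whose Form Ending node returns a binary file) and compares an instance's version string against the fixed release 1.121.0. The node type names `n8n-nodes-base.formTrigger` and `n8n-nodes-base.form`, the `formFields` parameter layout, the `fieldType` value `file`, and the `respondWith` value `returnBinary` are assumptions drawn from n8n's workflow export format, not from the article; the sample workflows are constructed.

```python
"""Audit n8n workflow exports for the Ni8mare risk pattern and check the version.

Assumed identifiers (not stated in the advisory): node types
"n8n-nodes-base.formTrigger" and "n8n-nodes-base.form", the
parameters.formFields.values[].fieldType layout, fieldType "file",
and operation "completion" with respondWith "returnBinary".
"""
import json
import re

FIXED_VERSION = (1, 121, 0)                   # advisory: upgrade to 1.121.0 or later
FORM_TRIGGER = "n8n-nodes-base.formTrigger"  # assumed node type name
FORM_NODE = "n8n-nodes-base.form"            # assumed node type name


def parse_version(version):
    """Turn '1.120.3' (optionally with a suffix) into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True when the instance runs the fixed release or a later one."""
    return parse_version(version) >= FIXED_VERSION


def trigger_accepts_file(node):
    """Form Trigger node with at least one file upload field (assumed layout)."""
    fields = node.get("parameters", {}).get("formFields", {}).get("values", [])
    return any(f.get("fieldType") == "file" for f in fields)


def ending_returns_binary(node):
    """Form node used as a Form Ending that responds with a binary file (assumed layout)."""
    p = node.get("parameters", {})
    return p.get("operation") == "completion" and p.get("respondWith") == "returnBinary"


def workflow_matches_advisory(workflow):
    """True when the workflow is active and contains both risky node configurations."""
    if not workflow.get("active", False):
        return False
    nodes = [n for n in workflow.get("nodes", []) if not n.get("disabled")]
    has_trigger = any(n.get("type") == FORM_TRIGGER and trigger_accepts_file(n) for n in nodes)
    has_ending = any(n.get("type") == FORM_NODE and ending_returns_binary(n) for n in nodes)
    return has_trigger and has_ending


def audit(workflows, version):
    """Summarise patch status and the names of workflows matching the advisory pattern."""
    flagged = [w.get("name", "<unnamed>") for w in workflows if workflow_matches_advisory(w)]
    return {"patched": is_patched(version), "flagged": flagged}


def load_workflows(path):
    """Load a workflow export file: either a single workflow object or a list of them."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return data if isinstance(data, list) else [data]


# Constructed sample exports (not real data) covering the match, non-match and inactive cases.
_RISKY_NODES = [
    {"type": FORM_TRIGGER, "parameters": {"formFields": {"values": [{"fieldLabel": "Document", "fieldType": "file"}]}}},
    {"type": FORM_NODE, "parameters": {"operation": "completion", "respondWith": "returnBinary"}},
]
SAMPLE_WORKFLOWS = [
    {"name": "upload-and-return", "active": True, "nodes": _RISKY_NODES},
    {"name": "text-only-form", "active": True, "nodes": [
        {"type": FORM_TRIGGER, "parameters": {"formFields": {"values": [{"fieldLabel": "Name", "fieldType": "text"}]}}},
        {"type": FORM_NODE, "parameters": {"operation": "completion", "respondWith": "text"}},
    ]},
    {"name": "inactive-copy", "active": False, "nodes": _RISKY_NODES},
]

if __name__ == "__main__":
    result = audit(SAMPLE_WORKFLOWS, "1.120.4")  # constructed, pre-fix version string
    print("patched:", result["patched"])
    print("workflows matching the advisory pattern:", result["flagged"])
```

Run it against real exports with `load_workflows("workflows.json")` and the version reported by the instance's settings page. Flagged workflows on an unpatched instance are the ones to deactivate or put behind an access restriction until the upgrade is done; an instance at 1.121.0 or later does not need the workflow-level mitigation, though an empty flagged list on an older release only covers the pattern the advisory names.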

Source: BleepingComputer