Max Severity Ni8mare Flaw Lets Hackers Hijack n8n Servers
A maximum-severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control of self-hosted instances of the n8n workflow automation platform.
The flaw is tracked as CVE-2026-21858 and carries the highest possible CVSS score of 10.0. According to researchers at data security company Cyera, more than 100,000 n8n servers are exposed and vulnerable.
n8n is an open-source workflow automation tool that allows users to connect applications, APIs, and services into complex workflows via a visual editor. It is primarily used to automate tasks and supports integrations with AI and large language model (LLM) services.
It has over 50,000 weekly downloads on npm and more than 100 million pulls on Docker Hub. It is a popular tool in the AI space, where it is used to orchestrate LLM calls, build AI agents and RAG pipelines, and automate data ingestion and retrieval.
The Ni8mare vulnerability lets an attacker read files on the underlying server by sending crafted requests to workflows that use certain form-based triggers.
"A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage," n8n developers say.
Cyera researchers discovered the Ni8mare vulnerability (CVE-2026-21858) and reported it to n8n on November 9, 2025. They describe the root cause as a content-type confusion in the way n8n parses incoming request data.
n8n selects one of two parsing functions for incoming data based on the Content-Type header of the request hitting a webhook, the component that triggers a workflow by listening for incoming HTTP requests.
When the request is marked as multipart/form-data, n8n treats it as a file upload and hands it to a dedicated upload parser that writes the uploaded files to randomly generated temporary paths.
"This means users can’t control where files end up, which protects against path traversal attacks."
Source: BleepingComputer