INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
2026-01-28 12:43 | Severity: CRITICAL / HIGH
Executive Summary (AI-generated)
The JFrog Security Research team disclosed two high-severity flaws in the n8n workflow automation platform, tracked as CVE-2026-1470 and CVE-2026-0863:
CVE-2026-1470 (CVSS 9.9) is an eval injection vulnerability that allows an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code.
CVE-2026-0863 (CVSS 8.5) is an eval injection vulnerability that allows an authenticated user to bypass n8n's python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system.
Both flaws require authentication, but any n8n user can exploit them to take over the entire instance. Separately, more than 39,000 n8n instances remained susceptible to the earlier maximum-severity Ni8mare flaw (CVE-2026-21858) as of January 27, 2026, according to data from the Shadowserver Foundation.
Technical Mitigations (AI-generated)
* Update n8n instances: users should update to the following fixed versions:
  * CVE-2026-1470 - 1.123.17, 2.4.5, or 2.5.1
  * CVE-2026-0863 - 1.123.14, 2.3.5, or 2.4.2
* Implement additional security measures to reduce the risk from these vulnerabilities, such as:
  * Enforcing strict access controls and authentication for n8n instances, since any authenticated n8n user can exploit CVE-2026-1470
  * Running task runners in external mode rather than internal mode, as n8n's documentation recommends for production, so that task runner processes are isolated from the main n8n process
  * Regularly monitoring and updating n8n instances to ensure they remain secure
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns: Operation Ore, CVE-2026-1470, CVE-2026-21858, CVE-2026-0863
Target & Sectors: NORTH_AMERICA; government, health, technology, legal
Incident Timeline
2025-01-15
n8n flaws allow authenticated remote code execution.
Unless you’ve been living under a rock for the last year, you’ve probably heard of n8n.
2026-01-07
Cyera revealed the "Ni8mare" vulnerability (CVE-2026-21858) in a blog post yesterday.
January 15, 2026
Two high-severity n8n flaws allow authenticated remote code execution.
January 15, 2026 11:16 PM
Two high-severity flaws in the n8n workflow automation platform allow an authenticated user to execute remote code.
January 16, 2026
Two high-severity n8n flaws allow authenticated remote code execution in the n8n application.
Winter • January 16, 2026 4:17 AM
n8n is a node.js application.
[2] Think Zipf distribution long tail
Clive Robinson • January 16, 2026 9:48 AM
@
January 17, 2026
Two high-severity flaws in the widely used n8n workflow automation platform allow authenticated remote code execution.
January 18, 2026
Two high-severity n8n flaws allow authenticated remote code execution.
iAPX • January 18, 2026 12:17 PM
Nota bene: this is all about LLM failure modes.
January 18, 2026 12:10 PM
Two high-severity n8n flaws allow authenticated remote code execution.
Honestly you could not make this stuff up…
iAPX • January 18, 2026 12:10 PM
MicroSoft is a problem in and by itself.
January 27, 2026
Two high-severity flaws in the n8n framework allow authenticated remote code execution.
As of January 27, 2026, more than 39,000 n8n instances remain susceptible to the flaw, per data from the Shadowserver Foundation.
Jan 28, 2026
Two high-severity vulnerabilities in n8n allowed authenticated remote code execution.
The weaknesses, discovered by the JFrog Security Research team, are listed below -
CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code
CVE-2026-0863 (CVSS score: 8.5) - An eval injection vulnerability that could allow an authenticated user to bypass n8n's python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system
Shachar Menashe, JFrog's vice president of security research, told The Hacker News that one of the reasons for CVE-2026-1470's high CVSS score despite requiring authentication is that "any user of n8n can exploit this issue and gain a complete takeover of the entire n8n instance, so that makes it a bit more dangerous."
Successful exploitation of the flaws could permit an attacker to hijack an entire n8n instance, including under scenarios where it's operating under "internal" execution mode.
In its documentation, n8n notes that using internal mode in production environments can pose a security risk, urging users to switch to external mode to ensure proper isolation between n8n and task runner processes.
"As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, functions, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others," JFrog said in a statement shared with The Hacker News.
To address the flaws, users are advised to update to the following versions -
CVE-2026-1470 - 1.123.17, 2.4.5, or 2.5.1
CVE-2026-0863 - 1.123.14, 2.3.5, or 2.4.2
The development comes merely weeks after Cyera Research Labs detailed a maximum-severity security flaw in n8n (CVE-2026-21858 aka Ni8mare) that allows an unauthenticated remote attacker to gain complete control over susceptible instances.
Jan 28
Two high-severity n8n flaws allow authenticated remote code execution.
Ravie Lakshmanan
Jan 28, 2026
Vulnerability / Workflow Automation
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.
2026-01-28
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution.
It’s having it forced in as part of every trade agreement and dispute resolution process, the equivalent of 1201… Built into every country’s legislation to protect only US Corporate Interests, that has caused US Corporates to have an unfair advantage that they abuse in every way possible…
Suspend or remove it and suddenly a Corporate is facing very real issues, the cost of which cannot be made tax deductible and thus will rapidly start to bite.
Some however that know where “the skeletons are buried” have been prosecuted to “keep them quiet” or out of plain maliciousness / revenge others have died mysteriously “Falling out of windows”…
[1] There is a funny side story to SOCA… they had at least five supposedly secret bases in the UK near to major roads that connected easily to transport hubs (one was supposedly under a motorway where “towed cars” were stored).
First by ousting various people on Operation Ore, or shuffling them around into “new areas”, then disbanding many Met Operational Units and creating the “Serious Organised Crime Agency” (SOCA) [1], then disbanding SOCA and creating the “National Crime Agency” (NCA), and so on, so that “records are mislaid and Operation Ore personnel retired or out of the Met and NCA”.
[1] ‘
Or search for node.js or npm security warnings
AI Agents can be “prompt engineered” into
“Exfiltrating everything an AI Agent is allowed to see”
And most automated workflows have two major disadvantages,
1, Prompt Engineering is hidden from user view.
This personal website expresses the opinions of none of those organizations.
New Vulnerability in n8n
------------------------
This isn’t good:
> We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally.
“n8n is the go-to platform for building automated workflows in the age of AI and AI agents.”
Unless you’re in the same silo as me, you’ll never have heard of n8n.
Apparently n8n is some sort of AI agent thing.
But no one seems to know when
[1] I don’t know how n8n fares in this respect.
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution.
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers.
Security experts have warned of a critical new vulnerability in popular AI workflow automation platform n8n that could enable adversaries to take over locally deployed instances and compromise enterprise secrets.
The n8n platform has over 100 million Docker pulls and millions of users, with 100,000 servers potentially exposed, Cyera said.
“Imagine a large enterprise with 10,000+ employees with one n8n server that anyone uses.
A compromised n8n instance doesn’t just mean losing one system – it means handing attackers the keys to everything,” Cyera explained.
How it Works
The vulnerability relates to the webhooks that start workflows in n8n.
If a threat actor were to change the content type to something like application/json, the n8n middleware would call the regular parser instead of the special file upload parser.
Thus, n8n would process file-related fields without verifying that the request contains a valid file upload, meaning an attacker could control the file metadata and file path.
The vulnerability can therefore be used to read arbitrary files from an n8n instance, and in turn expose secrets, inject files into workflows, forge session cookies for authentication bypass and achieve arbitrary code execution, the report warned.
It has a CVSS score of 10.0, reflecting the fact that remote, unauthenticated hackers can exploit the bug with potentially severe consequences.
Users should upgrade to version 1.121.0 or later to remediate the vulnerability.
Node.js and its package manager npm have severe security problems.[1]
Running node.js applications securely is non-trivial [2]
The thing is “automated workflows” for AI and AI Agents has other risks attached as well.
NPM is worse, with supply chain vulnerabilities.
Any node application loads a cascade of JavaScript libraries, big and small.[1] Some not more than a single line of code.
It was only when the EU came up with fines relating to a percentage of global turnover that those execs and large shareholders suddenly started taking notice.
Which means that Microsoft will have to have customers,
1, That have privilege and rights.
It’s why I’ve repeatedly warned Current AI LLM and ML Systems are the most insidious form of surveillance yet made (and it will get worse).
Hence I’ve said on a few occasions that Microsoft has the “Be Plan” for AI of,
**“Bedazzle, Beguile, Bewitch, Befriend and Betray”**
Which so far covers ChatBots and AI Agents which I expect will also be the case for other computer and electronic communications use.
Where Microsoft and others profit directly and indirectly from the “Betray” aspect of what is “Client sides scanning with System Administrator Privileges”.
Sainsbury’s during a supposedly “unrelated” investigation discovered that the ePos readers had an extra built in… Of a mobile phone dongle that was being accessed from abroad to download Credit Card and PIN information.
So a deliberately organised “Supply Chain Poisoning Attack” long before even most ICT Professionals realised such attacks were possible.
I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.
However, because it plays such an important role in enterprise automation efforts – connecting to Google Drive, Salesforce, OpenAI, CI/CD pipelines, payment processors and more – the blast radius of a compromised server could be “massive,” the vendor warned.
“API credentials, OAuth tokens, database connections, cloud storage – all centralized in one place.
November 9
Cyera reported the Ni8mare vulnerability to n8n, which patched it nine days later.
Cyera thanked the security team at n8n for its prompt response in patching the flaw, which was reported on November 9 and fixed nine days later.
Tactical Metrics
Metrics
infrastructure
Windows
Affected Product
Click for context!
Some however that know where “the skeletons are buried” have been prosecuted to “keep them quiet” or out of plain maliciousness / revenge others have died mysteriously “Falling out of windows”…
[1] There is a funny side story to SOCA… they had at least five supposedly secret bases in the UK near to major roads that connected easily to transport hubs (one was supposedly under a motorway where “towed cars” were stored).
Metrics
infrastructure
N8N
Affected Product
New Vulnerability in n8n.
[Image 1: Atom]( 2: Facebook]( 3: Twitter]( 4: Email](
HomeBlog
New Vulnerability in n8n
------------------------
This isn’t good:
>
We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally.
“n8n is the go-to platform for building automated workflows in the age of AI and AI agents.”
Unless you’ve been living under a rock for the last year, you’ve probably heard of n8n.
Unless you’re in the same silo as me, you’ll never have heard of n8n.
Apparently n8n is some sort of AI agent thing.
Winter • January 16, 2026 4:17 AM
n8n is a node.js application.
But no one seems to know when
[1] I don’t know how n8n fares in this respect.
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution.
Ravie Lakshmanan
Jan 28, 2026
Vulnerability / Workflow Automation
Cybersecurity researchers have
disclosed
two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.
An
eval injection vulnerability
that could allow an authenticated user to bypass the
Expression sandbox mechanism
and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code
CVE-2026-0863
(CVSS score: 8.5) -
An eval injection vulnerability that could allow an authenticated user to bypass n8n's python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system
Shachar Menashe, JFrog's vice president of security research, told The Hacker news that one of the reasons for CVE-2026-1470's high CVSS score despite requiring authentication is that "any user of n8n can exploit this issue and gain a complete takeover of the entire n8n instance, so that makes it a bit more dangerous.
"
Successful exploitation of the flaws could permit an attacker to hijack an entire n8n instance, including under scenarios where it's operating under "internal" execution mode.
In its documentation, n8n
notes
that using internal mode in production environments can pose a security risk, urging users to switch to external mode to ensure proper isolation between n8n and task runner processes.
"As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, functions, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others," JFrog said in a statement shared with The Hacker News.
"
To address the flaws, users are advised to update to the following versions -
CVE-2026-1470
- 1.123.17, 2.4.5, or 2.5.1
CVE-2026-0863
- 1.123.14, 2.3.5, or 2.4.2
The development comes merely weeks after Cyera Research Labs detailed a maximum-severity security flaw in n8n (
CVE-2026-21858
aka Ni8mare) that allows an unauthenticated remote attacker to gain complete control over susceptible instances.
As of January 27, 2026, more than
39,000 n8n instances
remain susceptible to the flaw, per data from the Shadowserver Foundation.
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers.
Security experts have warned of a critical new vulnerability in popular AI workflow automation platform n8n that could enable adversaries to take over locally deployed instances and compromise enterprise secrets.
The n8n platform has over 100 million Docker pulls and millions of users, with 100,000 servers potentially exposed, Cyera said.
“Imagine a large enterprise with 10,000+ employees with one n8n server that anyone uses.
A compromised n8n instance doesn’t just mean losing one system – it means handing attackers the keys to everything,” Cyera explained.
How it Works
The vulnerability relates to the webhooks that start workflows in n8n.
If a threat actor were to change the content type to something like application/json, the n8n middleware would call the regular parser instead of the special file upload parser.
Thus, n8n would process file-related fields without verifying that the request contains a valid file upload, meaning an attacker could control the file metadata and file path.
The vulnerability can therefore be used to read arbitrary files from an n8n instance, and in turn expose secrets, inject files into workflows, forge session cookies for authentication bypass and achieve arbitrary code execution, the report
warned
.
Cyera thanked the security team at n8n for its prompt response in patching the flaw, which was reported on November 9 and fixed nine days later.
Metrics
infrastructure
100,000
Estimated Servers
We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally.
The n8n platform has over 100 million Docker pulls and millions of users, with 100,000 servers potentially exposed, Cyera said.
Metrics
infrastructure
1.121.0
Software Version
Users should upgrade to version 1.121.0 or later to remediate the vulnerability.
Metrics
victims
1
Customers
Which means that Microsoft will have to have customers,
1, That have privilege and rights.
Metrics (infrastructure): 1.123.17 Software Version
To address the flaws, users are advised to update to the following versions:
CVE-2026-1470 - 1.123.17, 2.4.5, or 2.5.1
CVE-2026-0863 - 1.123.14, 2.3.5, or 2.4.2
The development comes merely weeks after Cyera Research Labs detailed a maximum-severity security flaw in n8n (CVE-2026-21858, aka Ni8mare) that allows an unauthenticated remote attacker to gain complete control over susceptible instances.
Intelligence Sources
Schneier on Security, 2026-01-15: "New Vulnerability in n8n"
The Hacker News, 2026-01-28
Infosecurity-Magazine, 2026-01-08: "Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers"
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T06:34
Comprehensive Tactical Telemetry
Highly Correlated Entities (count, category, label, value, type):
49x  organisation    Identified Entity        US Corporate Interests        (entity)
15x  timeline        Temporal Reference       1999                          (date)
13x  attribution     Attributing Entity       Credit Card Details           (authority)
7x   infrastructure  Software Version         1.121.0                       (version)
4x   source region   Origin Country           United States                 (country)
4x   industry        Targeted Sector          Government                    (sector)
3x   target region   Target Country           United States                 (country)
3x   tactic          MITRE ATT&CK Technique   T1588.006 - Vulnerabilities   (technique)
3x   vulnerability   Exploited CVE            CVE-2026-21858                (cve)
2x   infrastructure  Affected Product         Windows                       (software)
2x   tactic          Cyber Operation Type     Remote Code Execution         (tactic)
Contextual Telemetry, Context Block (15 metrics; category, label, value):
campaign        Campaign             Operation Ore
general metric  Things               1
general metric  Facebook             3
general metric  Twitter              4
vulnerability   CVSS Score           10
infrastructure  Estimated Servers    100,000
general metric  Applications         2
victims         Customers            1
general metric  Suicides             30
general metric  Search               13
general metric  Score                10
general metric  1.123.17             1,470
general metric  N8N Instances        39,000
general metric  Docker Pulls         100,000,000
victims         Employees            10,000