n8n authenticated RCE (CVE-2026-21877)

Vulnerability
First reported
Last updated
Happening score: 25
1 unique source, 1 article

Summary

n8n fixed CVE-2026-21877, a CVSS 10.0 flaw that could let an authenticated user trigger remote code execution on affected instances. The issue impacts self-hosted deployments and n8n Cloud running versions >= 0.123.0 and < 1.121.3. Administrators should upgrade to 1.121.3 or later; if they cannot patch immediately, they should disable the Git node and restrict access for untrusted users.

Related Happenings

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

Terrarium CVE-2026-5752 mitigation guidance

Advisory/Mitigation
First: 22.04.2026 10:16 Last: 22.04.2026 10:16 Sources 1

About this happening: **CERT/CC** issued mitigation guidance for **Terrarium** deployments exposed to **CVE-2026-5752**, a **sandbox-escape** flaw that can lead to **root code execution**. The advice i...

n8n actively exploited remote code execution vulnerability (CVE-2025-68613)

Vulnerability
First: 11.03.2026 20:21 Last: 11.03.2026 20:21 Sources 1

About this happening: An **actively exploited** **n8n** remote code execution flaw, **CVE-2025-68613**, lets authenticated attackers run arbitrary code on vulnerable servers and can lead to full compro...

Latest development: 12.03.2026 07:18

CISA adds CVE-2025-68613, an n8n expression-injection flaw with CVSS 9.9 that can lead to remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; CISA says it is the first n8n vulnerability placed in KEV.

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
First: 20.02.2026 19:02 Last: 20.02.2026 19:02 Sources 1

About this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...

n8n sandbox escape flaws (multiple vulnerabilities)

Vulnerability
First: 04.02.2026 15:00 Last: 04.02.2026 15:00 Sources 1

About this happening: Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...

Timeline

  1. 07.01.2026 13:26 2 articles · 4mo ago

    n8n discloses CVE-2026-21877 authenticated RCE

    Initial Disclosure

    n8n disclosed CVE-2026-21877, a maximum-severity flaw rated CVSS 10.0 that could let an authenticated user execute untrusted code through the n8n service and potentially fully compromise affected self-hosted deployments and n8n Cloud instances. The issue affects versions >= 0.123.0 and < 1.121.3, is fixed in 1.121.3, and administrators are advised to upgrade or, if patching is not immediately possible, disable the Git node and restrict access for untrusted users.
