N8n form-based workflow file-read flaw (CVE-2026-21858)
Vulnerability
Summary
n8n disclosed CVE-2026-21858 (CVSS 10.0), a maximum-severity Content-Type confusion flaw in form-based workflows that can let an unauthenticated remote attacker read local files and potentially gain admin access. The issue can expose sensitive configuration data and secrets on susceptible instances, creating a path toward full compromise. n8n says the flaw was fixed in version 1.121.0 and affects all versions prior to and including 1.65.0.
Related Happenings
N8n actively exploited remote code execution vulnerability (CVE-2025-68613)
Vulnerability
First: 11.03.2026 20:21
Last: 11.03.2026 20:21
Sources 1
About this happening:
An **actively exploited** **n8n** remote code execution flaw, **CVE-2025-68613**, lets authenticated attackers run arbitrary code on vulnerable servers and can lead to full compro...
Latest development: 12.03.2026 07:18
CISA adds CVE-2025-68613, an n8n expression-injection flaw with CVSS 9.9 that can lead to remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; CISA says it is the first n8n vulnerability placed in KEV.
N8n sandbox escape flaws (multiple vulnerabilities)
Vulnerability
First: 04.02.2026 15:00
Last: 04.02.2026 15:00
Sources 1
About this happening:
Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
N8n eval injection sandbox bypass flaws (multiple vulnerabilities)
Vulnerability
First: 28.01.2026 14:43
Last: 28.01.2026 14:43
Sources 1
About this happening:
Two **n8n** eval-injection flaws, **CVE-2026-1470** and **CVE-2026-0863**, now expose susceptible instances to **authenticated remote code execution** and **arbitrary Python code...
Grist-Core Cellbreak sandbox escape (CVE-2026-24002)
Vulnerability
First: 27.01.2026 12:36
Last: 27.01.2026 12:36
Sources 1
About this happening:
A **critical** **Grist-Core** vulnerability, **CVE-2026-24002** (**Cellbreak**), can let **malicious spreadsheet formulas** trigger **remote code execution** on self-hosted instan...
Timeline
- 07.01.2026 15:48 (2 articles)
Discovery of CVE-2026-21858 in n8n
Technical Analysis Update: Security researcher Dor Attias discovered and reported CVE-2026-21858 in n8n on November 9, 2025, identifying a Content-Type confusion flaw in form-based workflows that could let an attacker access files on the underlying server.
Sources:
- Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control — thehackernews.com — 07.01.2026 15:48
- Max severity Ni8mare flaw impacts nearly 60,000 n8n instances — www.bleepingcomputer.com — 12.01.2026 16:05
- 07.01.2026 15:48 (1 article)
n8n patches CVE-2026-21858 in version 1.121.0
Mitigation Patch Update: n8n released version 1.121.0 on November 18, 2025 to address CVE-2026-21858, a flaw affecting all versions of n8n prior to and including 1.65.0 that could expose sensitive information and enable further compromise depending on deployment configuration and workflow usage.
Sources:
- Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control — thehackernews.com — 07.01.2026 15:48
- 07.01.2026 15:48 (1 article)
Public disclosure of CVE-2026-21858 in n8n
Initial Disclosure: Cybersecurity researchers disclosed CVE-2026-21858 in n8n on January 7, 2026, describing a maximum-severity Content-Type confusion issue in form-based workflows that could allow an unauthenticated remote attacker to read local files, extract sensitive secrets, forge administrator access, and potentially execute arbitrary commands on the server.
Sources:
- Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control — thehackernews.com — 07.01.2026 15:48