CVE-2026-21858: Ni8mare Enables Unauthenticated RCE in n8n Webhooks
Executive Summary
CVE-2026-21858 (Ni8mare) is a critical unauthenticated remote code execution vulnerability in n8n, a widely used workflow automation platform. The flaw is caused by content-type confusion in webhook request handling, allowing attackers to forge uploaded files, read arbitrary local files, forge administrator sessions, and ultimately execute commands on the underlying host.
The vulnerability affects n8n versions prior to 1.121.0, is patched in 1.121.0 and later, carries a CVSS score of 10.0, and poses severe risk to publicly exposed and self-hosted n8n deployments.
What Is n8n?
If you work in DevOps, marketing ops, or anywhere automation meets APIs, n8n is probably wired into the heart of your stack. It’s the platform that quietly connects everything – Salesforce, Slack, OpenAI, internal services – acting as the central nervous system of modern teams.
At its core, n8n is a low-code workflow automation platform built around a node-based visual interface. Each node represents an app integration, a control-flow element (filters, conditionals, loops), or a custom JavaScript step. For example, a workflow might trigger on a GitHub webhook, enrich the event with data from an internal API, apply conditional logic, and then notify Slack or open a Jira ticket.
n8n can be deployed as a self-hosted service (commonly via Docker or Kubernetes) or consumed as a managed cloud offering, and its core is open source, allowing organizations to run and extend it within their own infrastructure. Because it often holds sensitive API keys and orchestrates core business workflows, it operates with a high level of trust across the environment.
Why n8n Has Become a High-Value Target
As the new year kicked off, a surge of newly disclosed CVEs put n8n under increased scrutiny, with multiple critical flaws surfacing in rapid succession. Several of these vulnerabilities reached the highest possible severity, earning a perfect 10.0 CVSS score – an unmistakable signal of real-world exploit potential. When a platform with this level of access becomes a focal point for attackers, patching is no longer optional.
The “Ni8mare” (CVE-2026-21858) – Technical Breakdown
Webhooks as the Entry Point
n8n workflows commonly start with Webhook nodes, which are designed to accept inbound HTTP requests from external systems. These webhooks can optionally support file uploads, typically parsed when requests are sent with the multipart/form-data content type.
Under expected behavior:
- Uploaded files are parsed by a multipart parser
File data is populated inreq.body.files - Downstream nodes rely on this structure to safely access uploads
Content-Type Confusion
The root cause of CVE-2026-21858 is that certain webhook handlers access req.body.files without validating the request’s content type.
As a result:
- Requests sent as
application/jsoncan still supply a craftedfilesobject - This attacker-controlled JSON bypasses multipart parsing
- n8n treats untrusted input as a legitimate uploaded file
This flaw collapses multiple trust boundaries and enables attackers to control file metadata, file paths, and downstream workflow behavior.
How the Ni8mare Exploit Chain Works
Arbitrary File Read
Once the structure of req.body.files is fully attacker-controlled, n8n no longer distinguishes between legitimate uploads and arbitrary file references. By pointing file paths to local system files, attackers can coerce the application into reading sensitive data directly from disk. This includes configuration files and internal databases that are never meant to be exposed through webhook workflows.
This step is critical, as it allows attackers to extract the information required to escalate privileges.
Admin Session Forgery
Access to internal files has immediate security implications. Among the retrieved data are secrets used to sign authentication cookies and manage user sessions. With these values in hand, an attacker can forge a valid administrator session and gain full access to the n8n management interface – without ever authenticating.
At this stage, the attack silently transitions from an unauthenticated request to full administrative control.
Remote Code Execution
Administrative access unlocks n8n’s most powerful capabilities. By creating or modifying workflows, an attacker can invoke nodes that execute system-level commands as part of normal automation logic. What began as a malformed webhook request now results in arbitrary code execution on the underlying host.
The entire attack chain completes without user interaction and without triggering authentication boundaries.
Why This Matters
n8n is commonly used as an automation hub, connecting APIs, internal services, databases, and third-party platforms. These workflows often operate with high levels of trust and access, including stored credentials and execution privileges.
Ni8mare turns that trust into an attack vector. An unauthenticated attacker can take over the automation engine itself, gaining control over everything the platform is allowed to access and execute. What begins as a webhook parsing flaw quickly escalates into full infrastructure exposure.
The vulnerability also underscores a broader risk in automation platforms: flexible input handling significantly expands the attack surface when strict validation is missing. In this case, a single content-type confusion flaw collapses multiple security boundaries at once.
The Supporting Cast of Critical Flaws
While Ni8mare is the only vulnerability in this group that enables unauthenticated exploitation, three additional high-severity issues were disclosed that allow authenticated users to achieve remote code execution.
CVE-2026-21877
This vulnerability allows an authenticated attacker to upload files with dangerous types that are not properly restricted. Under these conditions, untrusted code can be executed through the n8n service, leading to full compromise of the instance.
Severity: 10.0
Patched in: 1.121.3
N8scape (CVE-2025-68668)
N8scape is a sandbox escape vulnerability in n8n’s Python Code Node. An authenticated user with workflow-editing permissions can break out of the Pyodide-based sandbox and execute arbitrary system commands on the host.
Severity: 9.9
Patched in: 2.0.0
CVE-2025-68613
This issue stems from improper control of dynamically managed code resources. Under specific conditions, an authenticated attacker can abuse this behavior to trigger remote code execution within the n8n environment.
Severity: 9.9
Patched in: 1.120.4, 1.121.1, and 1.122.0
How Upwind Can Help
While patching is the primary defense, ensuring your runtime environment is secure is critical.
- API-level threat detection
Upwind monitors API and webhook traffic in real time, allowing security teams to detect malicious payloads that exploit parsing ambiguities and request‑metadata abuse. Suspicious content‑type mismatches, anomalous request structures, and unexpected parameter injection into automation endpoints are surfaced early – before they can be chained into deeper compromise. - SBOM-driven exposure analysis
Upwind continuously generates and maintains an SBOM across applications and platforms, enabling teams to quickly identify where vulnerable n8n versions and dependent packages are deployed. By mapping software components to running workloads, Upwind shows exactly which environments are exposed and how exploitation paths intersect with sensitive systems. - Runtime visibility and behavioral detection
Through runtime monitoring, Upwind observes process execution, file access, and data flows within n8n workloads. Abnormal behaviors – such as unexpected reads of local databases, access to configuration files, forged session activity, or execution of shell commands initiated by workflows – are detected and flagged as high‑confidence threats.
For assistance in identifying vulnerable components or to learn more about our runtime protections, reach out to [email protected].
