Cybersecurity researchers have disclosed a new critical flaw in the popular workflow automation platform n8n that could allow unauthenticated attackers to fully compromise vulnerable systems. The issue, tracked as CVE-2026-21858 and assigned a maximum CVSS score of 10.0, is being described as one of the most severe n8n vulnerabilities reported to date.
The n8n vulnerability was discovered and responsibly disclosed by security researcher Dor Attias on November 9, 2025. n8n later confirmed the issue in a security advisory, warning that attackers could access files on the underlying server through certain form-based workflows.
According to n8n, “A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker.” The company noted that the flaw could expose sensitive data and potentially enable further compromise depending on configuration and usage.
CVE-2026-21858 is a Content-Type confusion bug tied to how the n8n webhook processes incoming HTTP requests. The webhook parses requests differently based on the Content-Type header, creating a gap that attackers can exploit to manipulate file-handling behavior.
How the n8n Webhook Content-Type Confusion Is Exploited
The vulnerability stems from how n8n handles form submissions. When a request is processed, the platform uses parseRequestBody() to determine whether to invoke a file upload parser or a regular body parser. If multipart/form-data is specified, uploaded files are parsed and stored in req.body.files.
However, researchers found that certain file-handling functions are executed without verifying the Content-Type header. As a result, attackers can override req.body.files even when no file upload is present.
“Since this function is called without verifying the content type is ‘multipart/form-data,’ we control the entire req.body.files object,” Attias explained. This allows an attacker to copy any local file from the server instead of an uploaded file, exposing sensitive system data to downstream workflow nodes.
n8n Vulnerability Enables Admin Bypass and Remote Code Execution
The impact of CVE-2026-21858 extends beyond arbitrary file reads. Researchers demonstrated how attackers could escalate the flaw into a full system compromise. By abusing the n8n vulnerability, a threat actor could read the internal SQLite database at /home/node/.n8n/database.sqlite, extract administrator credentials, and then retrieve encryption secrets from /home/node/.n8n/config.
Using this information, attackers could forge a valid admin session cookie, bypass authentication, and gain full administrative access. From there, they could create a malicious workflow containing an “Execute Command” node, achieving remote code execution on the host system.
Cyera warned that the centralized nature of n8n significantly amplifies the risk. “A compromised n8n instance doesn’t just mean losing one system; it means handing attackers the keys to everything,” the company said, citing stored API credentials, OAuth tokens, and database connections as high-value targets.
Patch Status and Mitigations for CVE-2026-21858
The n8n vulnerability affects all versions up to and including 1.65.0 and was patched in version 1.121.0, released on November 18, 2025. Users are strongly urged to upgrade to a fixed or newer release, such as versions 1.123.10, 2.1.5, 2.2.4, or 2.3.0.
As additional mitigations, administrators are advised to avoid exposing n8n instances to the internet, enforce authentications for all Forms, and restrict or disable publicly accessible n8n webhook and form endpoints until patches can be applied.
The disclosure of CVE-2026-21858 follows several other critical issues in n8n, including CVE-2025-68668 and CVE-2025-68613, highlighting the need for rigorous security controls around automation platforms that manage sensitive integrations and credentials.
