n8n 'Ni8mare' Flaw Allows Unauthenticated Server Takeover

Cyera Research Labs disclosed a maximum-severity vulnerability in n8n, the workflow automation platform used by thousands of organizations to connect applications and automate business processes. CVE-2026-21858, nicknamed "Ni8mare," allows completely unauthenticated attackers to take over vulnerable instances—reading arbitrary files, forging administrator sessions, and executing system commands.

This is the second critical n8n vulnerability disclosed in recent weeks. Unlike CVE-2025-68613, which required authentication, Ni8mare needs no credentials whatsoever.

TL;DR

• What happened: Content-Type confusion flaw in n8n allows unauthenticated arbitrary file read, escalating to full RCE
• Who's affected: All n8n instances running versions prior to 1.121.0 (estimated 100,000+ internet-exposed)
• Severity: Critical (CVSS 10.0) - No authentication required
• Action required: Upgrade to n8n version 1.121.0 or later immediately

How Does Ni8mare Work?

The vulnerability exploits a subtle flaw in how n8n handles file uploads in its Form Webhook node. When processing multipart/form-data requests, the platform calls a file-handling function without first verifying that the incoming request actually uses that content type.

An attacker can send a request with a different Content-Type header (like application/json) while manually defining the req.body.files structure. This tricks n8n into processing attacker-controlled file paths instead of legitimate uploads. The platform then copies whatever local file the attacker specifies—and downstream workflow nodes can expose that content.

In practice, this enables arbitrary file read. An attacker can retrieve /etc/passwd, configuration files, or most critically, n8n's internal SQLite database containing user credentials and the secret key used to sign authentication cookies.

From File Read to Full Compromise

Reading arbitrary files sounds bad. Forging admin sessions sounds worse. Cyera researchers demonstrated the full attack chain:

1. Exploit the Content-Type confusion to read n8n's SQLite database
2. Extract user IDs and partial password hashes from the database
3. Read the configuration file containing the cookie signing secret
4. Use these values to forge a valid n8n-auth session cookie
5. Authenticate as administrator
6. Execute arbitrary system commands through workflow nodes

The result: complete server compromise from a single unauthenticated HTTP request.

What Makes This Dangerous

n8n deployments typically store sensitive credentials for connected services. A compromised instance exposes:

• API keys for third-party services (Slack, GitHub, AWS, etc.)
• OAuth tokens for authenticated integrations
• Database connection strings
• CI/CD pipeline secrets
• Business data flowing through automated workflows

Organizations use n8n to orchestrate everything from customer onboarding to deployment pipelines. A breach gives attackers the keys to whatever systems n8n touches.

Censys data suggests over 100,000 n8n instances are exposed to the internet. Many run in environments where self-registration is enabled or default credentials remain unchanged.

Affected Versions

All n8n versions prior to and including 1.65.0 contain the vulnerable code. The fix shipped in version 1.121.0, released November 18, 2025—giving organizations nearly two months to patch before public disclosure.

Timeline

• November 9, 2025: Cyera researcher Dor Attias discovers the vulnerability
• November 18, 2025: n8n releases patched version 1.121.0
• January 6, 2026: n8n assigns CVE-2026-21858
• January 7, 2026: Cyera publishes technical details

Mitigation Steps

1. Upgrade immediately to n8n version 1.121.0 or later
2. Restrict public access to webhook and form endpoints
3. Audit logs for unusual file access patterns or authentication anomalies
4. Rotate credentials for any secrets stored in n8n workflows
5. Review connected services for signs of unauthorized access

No official workarounds exist for unpatched versions. The only reliable mitigation is upgrading.

Why This Matters

Workflow automation platforms have become central nervous systems for modern organizations. They hold credentials for dozens of connected services and process sensitive data continuously. When these platforms have authentication-bypass vulnerabilities, the blast radius extends far beyond the automation tool itself.

The two-month gap between patch availability and public disclosure gave defenders time to update. Organizations still running vulnerable versions are now racing against attackers who have full technical details and proof-of-concept code.