Maximum-severity n8n flaw lets randos run your automation server
Unauthenticated RCE means anyone on the network can seize full control
by Carly Page · The Register

A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn't even require logging in.
The vulnerability, uncovered by researchers at security outfit Cyera, carries a CVSS score of 10.0 and has been dubbed "ni8mare" for good reason. Tracked as CVE-2026-21858, the flaw allows an unauthenticated attacker to execute arbitrary code on vulnerable systems, effectively handing over complete control of the affected environment. There is no workaround other than patching, and users are urged to upgrade to n8n version 1.121.0 or later.
n8n is a self-hosted, open source automation tool that many organizations use to stitch together chat apps, forms, cloud storage, databases, and third-party APIs. It claims more than 100 million Docker pulls, with millions of users and thousands of companies using it to automate everything from internal workflows to customer-facing processes.
According to Cyera, the root of the problem lies in how n8n processes webhooks – the mechanism used to kick off workflows when data arrives from external systems such as web forms, messaging platforms, or notification services. By abusing a so-called "Content-Type Confusion" issue, an attacker can manipulate HTTP headers to overwrite internal variables used by the application. That, in turn, allows them to read arbitrary files from the underlying system and escalate the attack to full remote code execution.
In plain terms, anyone who can reach a vulnerable n8n instance over the network can seize it completely, without credentials, and then pivot into whatever systems that instance is connected to.
As Cyera researcher Dor Attias put it: "Imagine a large enterprise with 10,000+ employees with one n8n server that anyone uses. A compromised n8n instance doesn't just mean losing one system – it means handing attackers the keys to everything. API credentials, OAuth tokens, database connections, cloud storage – all centralized in one place."
That centralization is what makes the flaw so dangerous. n8n is often trusted with high-value secrets and broad access because it orchestrates workflows across an organization's digital estate.
"The blast radius of a compromised n8n is massive," Attias warned. "n8n is connecting countless systems, your organizational Google Drive, OpenAI API keys, Salesforce data, IAM systems, payment processors, customer databases, CI/CD pipelines, and more. It's the central nervous system of your automation infrastructure."
Cyera credits n8n with responding quickly once the issue was disclosed. The company says it privately reported the vulnerability on November 9, 2025, and n8n's security team confirmed the issue the following day. A fix was quietly shipped on November 18 as part of the 1.121.0 release, weeks before the bug was publicly assigned a CVE identifier this week.
n8n did not immediately respond to The Register's questions.
The patch landed with little fanfare, which means some organizations may still be running vulnerable versions – particularly in self-hosted environments where upstream advisories don't always get read. Given how widely the software is used, leaving it unpatched is an open invitation for attackers pursuing quick, high-value targets. ®
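The article's only remediation is version-based: upgrade to n8n 1.121.0 or later. A team tracking several self-hosted instances needs a reliable way to tell which ones are still behind that line. The script below is an added example, not code from The Register, Cyera or the n8n project; the inventory it checks is constructed sample data, and the assumption that deployments are recorded as `n8nio/n8n:<semver>` container image tags is mine. It sorts hosts into patched, vulnerable and unknown, treating non-semver tags such as `latest` as unknown rather than silently passing them, and treating a pre-release build of 1.121.0 as not confirmed patched, since under semver it sorts below the final release the article names.

```python
"""Inventory triage for the n8n fix version (1.121.0) named in the article.

Added example. SAMPLE_INVENTORY is constructed data, and the image-tag
layout 'n8nio/n8n:<semver>' is an assumed convention for how a team
records its deployments, not something taken from the article.
"""
import re
from typing import Optional

# Release in which the article says the fix shipped.
FIXED_VERSION = (1, 121, 0)

# Constructed sample inventory: hostname -> container image tag.
SAMPLE_INVENTORY = {
    "automation-prod": "n8nio/n8n:1.118.2",     # older than the fix
    "automation-dev": "n8nio/n8n:1.121.0",      # exactly the fix release
    "ops-bot": "n8nio/n8n:1.121.0-rc.1",        # pre-release of the fix version
    "legacy-box": "n8nio/n8n:latest",           # floating tag: version unknown
    "new-box": "n8nio/n8n:1.125.0",             # newer than the fix
}

# major.minor.patch with an optional semver pre-release suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")


def parse_version(tag: str) -> Optional[tuple]:
    """Return (major, minor, patch, is_final_release) for an image tag.

    Returns None when the tag carries no concrete semver version (for
    example 'latest'); a checker must surface that as unknown, not as safe.
    """
    version = tag.rsplit(":", 1)[-1]
    match = _VERSION_RE.match(version)
    if not match:
        return None
    major, minor, patch, prerelease = match.groups()
    return (int(major), int(minor), int(patch), prerelease is None)


def is_patched(tag: str) -> Optional[bool]:
    """True if the tag is 1.121.0 or later, False if older, None if unknown.

    A pre-release of 1.121.0 sorts below the final 1.121.0 release under
    semver, so it is conservatively reported as not patched.
    """
    parsed = parse_version(tag)
    if parsed is None:
        return None
    major, minor, patch, is_final = parsed
    core = (major, minor, patch)
    if core > FIXED_VERSION:
        return True
    if core == FIXED_VERSION:
        return is_final
    return False


def triage(inventory: dict) -> dict:
    """Split an inventory into sorted patched / vulnerable / unknown host lists."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, tag in sorted(inventory.items()):
        status = is_patched(tag)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["patched"].append(host)
        else:
            result["vulnerable"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:11s}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is the important one in practice: a floating tag like `latest` tells you nothing about what is actually running, so those hosts need the version confirmed on the box itself before they can be marked safe.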