The workflow automation platform n8n has patched two maximum-severity critical vulnerabilities that could lead to remote code execution (RCE).

The first vulnerability, disclosed on Monday and tracked as CVE-2026-21877, could enable an authenticated attacker to achieve RCE through an arbitrary file write flaw involving the Git node. The second, disclosed Wednesday and tracked as CVE-2026-21858, could enable an unauthenticated attacker to read arbitrary files on the system hosting n8n. CVE-2026-21858 can escalate to RCE when an attacker uses information from the files it exposes to forge an authenticated n8n session, Cyera explained in a technical analysis of the vulnerability.

Both vulnerabilities were assigned a CVSS score of 10.0 by n8n.

While few details have been disclosed regarding how CVE-2026-21877 could be exploited, n8n's advisory stated that an authenticated user could cause the n8n service to execute untrusted code under certain conditions, potentially resulting in a full compromise of the affected instance.
The advisory also stated that exposure can be reduced by disabling the Git node and by limiting access for untrusted users. However, users are advised to update immediately to the fixed version, 1.121.3, to resolve the vulnerability. The flaw affects both self-hosted and n8n Cloud instances.

CVE-2026-21858, which was discovered by Cyera researchers, is a content-type confusion bug in the Form Webhook node that could enable an unauthenticated attacker to read arbitrary files in certain setups.

Cyera explained that n8n Webhook nodes check the Content-Type of incoming requests and follow a different code path depending on whether the Content-Type is multipart/form-data. When the Content-Type is anything other than multipart/form-data, the parseBody() function parses the HTTP body and stores the decoded result in the req.body property of the request, Cyera researchers wrote. When the Content-Type is multipart/form-data, the parseFormData() function, a wrapper for Formidable's parse() function, saves uploaded files to a randomly generated path in the temp directory and records that path in req.body.files.

Cyera found that a crafted HTTP request processed through the Form Webhook node that declares a Content-Type other than multipart/form-data, while carrying a body that itself contains a files field, lets the attacker set req.body.files directly when parseBody() parses the body. With control of req.body.files, the attacker can specify an arbitrary file path on the local system. The Form node then calls prepareFormReturnItem(), which calls copyBinaryFile() for each entry in req.body.files without verifying that the original request was actually a multipart file upload. The result is that the attacker-specified local files are copied into persistent storage in place of the expected upload.
Cyera presented a scenario in which this could be exploited in a retrieval-augmented generation (RAG) setup, where employees interact with a chat interface to query company knowledge and upload new files to the knowledge base via a form. If an attacker submits a file through the form and intercepts the HTTP request to change the body content and Content-Type, other sensitive files on the host can be pulled into the knowledge base and become easily retrievable through the RAG chat interface.

"When attackers compromise a workflow automation platform, they are not breaching a single system, they are inheriting every API key, OAuth token, database credential, and integration connected to it," Joe Brinkley, head of offensive security at Cobalt, noted in an email to SC Media.

The researchers further showed how this can lead to authentication bypass and RCE, because the arbitrary file read can be used to gather the details needed to forge an authenticated session. The n8n-auth authentication cookie consists of the user's ID and the first 10 characters of a SHA256 hash of the user's email and password concatenated into a single string. User IDs, emails and passwords, along with the secret key used to sign the cookie contents, are all stored in the n8n database and configuration files, which can be read by exploiting CVE-2026-21858, the researchers explained. After forging a valid cookie, an attacker can use an Execute Command node to achieve RCE.

CVE-2026-21858 was fixed in n8n version 1.121.0. While full patching is recommended, restricting or disabling publicly accessible webhook and form endpoints can reduce exposure as a temporary mitigation, n8n said in its advisory.
n8n patches 2 CVSS 10.0 vulnerabilities that could lead to RCE
