Your automation server just became someone else’s backdoor. That’s the reality facing organizations running self-hosted n8n, the popular workflow automation platform: a maximum-severity vulnerability, scored 10.0 on the CVSS scale, lets attackers take complete control of a server with no password needed.
The flaw has a name: Ni8mare. It’s as bad as it sounds.
TL;DR: What You Need to Know Right Now
The vulnerability: CVE-2026-21858 lets unauthenticated attackers read any file on your n8n server, steal credentials, bypass authentication, and execute arbitrary commands. Who’s affected: all self-hosted n8n installations running versions before 1.121.0, Cloud users are safe. The fix: update to n8n 1.121.0 or later immediately, no workaround exists. The risk: your n8n instance likely stores API keys, database credentials, OAuth tokens, and business data. A compromise means attackers get all of it.
What Exactly Happened?
A security researcher at Cyera Research Labs found a fundamental flaw in how n8n handles file uploads. Here’s the technical reality in plain English.
When you upload a file through an n8n form, the system checks the content type of the request. If it’s a genuine file upload (multipart/form-data), n8n uses a secure parser that prevents access to system files. But attackers found a bypass: by changing the content type to something like application/json, they trick n8n into using a different parser, one that doesn’t verify the request actually contains a legitimate file upload and instead blindly trusts whatever file path the attacker provides.
The result is that attackers can read any file on the server: the database, configuration files, encryption keys, everything.
From file read to full takeover
Reading files is bad enough, but the attack chain doesn’t stop there. The demonstrated takeover path: read the database (n8n stores user records in a local SQLite file at /home/node/.n8n/database.sqlite), extract the admin’s user ID, email, and password hash, steal the encryption key from the config file at /home/node/.n8n/config (the same key that signs session cookies), forge an admin session using the stolen information, then log in as admin and create a workflow with the Execute Command node.
Total time from first request to full server compromise: minutes.
Who Is Actually at Risk?
You’re vulnerable if you self-host n8n (Docker, bare metal, or VM), you’re running any version before 1.121.0, and your instance has Form nodes accessible from the internet.
You’re safe if you use n8n Cloud (patched server-side), you’ve already updated to 1.121.0 or later, or your instance is fully isolated from the internet.
As of late January 2026, attack-surface researchers found roughly 39,900 exposed n8n instances still vulnerable, down from about 60,000 a week earlier, with 26,512 directly accessible hosts observed by Censys and the highest concentrations in the US, Germany, France, Brazil, and Singapore. The patching rate has been too slow for a CVSS 10.0.
Why This Matters More Than a Typical CVE
Most security flaws affect one system. Ni8mare is different, because n8n isn’t just another app on your server, it’s the central nervous system of your automation infrastructure. Think about what a typical n8n instance connects to: API keys for OpenAI, Google, Slack, and dozens of other services, OAuth tokens granting access to cloud platforms, database credentials for production systems, CI/CD secrets, and customer data flowing through live workflows.
When attackers compromise n8n, they don’t just get one server. They get the keys to everything n8n touches.
How to Fix CVE-2026-21858
Step 1: check your current version.
# Docker deployments
docker exec -it n8n n8n --version
# npm installations
n8n --version
If you see anything below 1.121.0, you’re vulnerable.
Step 2: back up your data before updating.
# Docker deployments
docker cp n8n:/home/node/.n8n ./n8n-backup
# Other installations
cp -r ~/.n8n ./n8n-backup
Step 3: update.
# Docker
docker pull n8nio/n8n:latest
docker stop n8n
docker rm n8n
docker run -d --name n8n \
-p 5678:5678 \
-v ~/.n8n:/home/node/.n8n \
n8nio/n8n:latest
# npm
npm update -g n8n
# Docker Compose
docker compose pull
docker compose up -d
Step 4: verify.
n8n --version
# Should report 1.121.0 or later
If You Cannot Patch Immediately
Legacy integrations, testing requirements, or approval processes can delay an update. While you wait: restrict Form access using a reverse proxy or firewall to block public access to n8n Form endpoints, enable authentication and require login for all Form nodes, move n8n behind a VPN or internal network, and monitor logs for unusual Form submissions or file-access patterns.
There is no configuration change that fully mitigates this vulnerability. The n8n team confirmed this directly. Patching is the only complete solution.
The Bigger Picture: n8n’s Security Track Record
Ni8mare isn’t an isolated incident. n8n disclosed four critical vulnerabilities in a two-week span:
| CVE | CVSS | Description | Fixed in |
|---|---|---|---|
| CVE-2026-21858 (Ni8mare) | 10.0 | Unauthenticated RCE via content-type confusion | 1.121.0 |
| CVE-2026-21877 | 10.0 | RCE via unrestricted file upload | 1.121.3 |
| CVE-2026-1470 | 9.9 | JavaScript sandbox escape | 1.123.17 |
| CVE-2026-0863 | 8.5 | Python sandbox escape | 1.123.14 |
Credit where it’s due, n8n’s security team responds fast: they acknowledged Ni8mare within a day and shipped a patch within nine days. Many vendors take months. But the frequency of critical flaws in a short window suggests the platform needs continued security investment, and self-hosters need to keep pace.
What This Means for Self-Hosters Going Forward
Automation platforms are high-value targets. Attackers know workflow tools hold keys to multiple systems, so expect continued research, and more vulnerabilities, in n8n and comparable platforms.
Self-hosting requires an actual security practice, not a set-and-forget deployment: automated update notifications, a regular patching schedule, network segmentation, and a backup and recovery plan. Exposure matters as much as the vulnerability itself, a vulnerable instance behind a VPN carries very different risk than one exposed directly to the internet, so minimize your attack surface even when you’re current on patches. And the disclosure timeline here was tight: reported November 9, patched November 18, publicly disclosed January 7. Self-hosters need processes that can match that pace.
Setting Up Security Monitoring for Your n8n Instance
Patching Ni8mare is step one. Building an ongoing security practice is the real work. Configure n8n to log authentication attempts and workflow executions:
N8N_LOG_LEVEL=debug
N8N_LOG_OUTPUT=file
N8N_LOG_FILE_LOCATION=/var/log/n8n/
Forward these logs to your SIEM or monitoring system, and watch for failed authentication attempts, workflows created or modified outside business hours, unusual Form submissions with suspicious content types, and access to sensitive file paths in execution logs. Set a maintenance window for updates, n8n releases frequently and security patches often arrive without fanfare, so a monthly update cycle at minimum keeps you ahead of disclosed vulnerabilities.
The Bottom Line
CVE-2026-21858 is about as serious as vulnerabilities get: a perfect 10.0 score, no authentication required, full server takeover possible. If you run self-hosted n8n, check your version right now. If you’re below 1.121.0, update today, not tomorrow.
Self-hosting gives you control. That control includes the responsibility to act fast when critical vulnerabilities emerge. Update your instance, review what it connects to, and reduce your exposure.
If you’d rather have someone monitor and patch your n8n stack for you, let’s talk.
Frequently asked questions
Does CVE-2026-21858 affect n8n Cloud users?
No. n8n Cloud was patched server-side. Only self-hosted deployments are at risk.
What CVSS score does Ni8mare have?
CVE-2026-21858 has a maximum CVSS score of 10.0, critical severity with no authentication required for exploitation.
Which n8n versions are vulnerable?
All versions before 1.121.0 are vulnerable. Update to 1.121.0 or later to fix it.
Can attackers exploit this without authentication?
Yes, that's what makes it a CVSS 10.0. Attackers only need access to a Form endpoint, no login required.
What data can attackers access through this vulnerability?
Attackers can read any file on the n8n server, including the database (which holds user credentials), configuration files (which hold encryption keys), and any data processed by workflows.
Is there a workaround if I can't update immediately?
No official workaround exists. Temporary mitigations include restricting network access to Form endpoints and requiring authentication on all forms, but patching is the only complete fix.
How do I know if my n8n instance was compromised?
Review logs for unusual Form submissions, unexpected file access, or new workflows created without authorization, and check for unfamiliar admin sessions or credential changes.
How many n8n instances are still vulnerable?
As of late January 2026, roughly 39,900 exposed n8n instances remained unpatched, down from about 60,000 shortly after disclosure.
Related reading
Want this built for you?
We design and ship production n8n automation for agencies, and train your team to own it.
Book a build →