CVE-2026-21858 (Ni8mare): Critical n8n Flaw Exposing 26,000+ Automation Servers to Remote Takeover
A CVSS 10.0 remote code execution vulnerability in n8n workflow automation, tracked as CVE-2026-21858 and dubbed Ni8mare, has left more than 26,000 publicly exposed servers open to full takeover — with no authentication required. Australia's ACSC has issued an advisory urging organisations to patch immediately.
What Is CVE-2026-21858 and Why Does It Score CVSS 10.0?
A CVSS score of 10.0 is the highest possible rating under the Common Vulnerability Scoring System — it indicates a flaw that is network-accessible, requires no authentication or user interaction, and delivers complete compromise across confidentiality, integrity, and availability. CVE-2026-21858 meets all three criteria.
The vulnerability, nicknamed "Ni8mare" by Cyera Research Labs, which discovered it, affects n8n: an open-source workflow automation platform widely used by developers, agencies, and small businesses to connect applications and automate repetitive tasks. Think of n8n as a self-hosted alternative to Zapier or Make.com — it sits on a server and acts as the connective layer between your email platform, CRM, website, payment processor, and any number of other services your business depends on.
The flaw was publicly disclosed on 7 January 2026 by Cyera Research Labs, with independent analysis published shortly after by Orca Security and Horizon3.ai. Australia's ACSC (Australian Cyber Security Centre) subsequently published a formal advisory at cyber.gov.au, flagging it as a critical risk for Australian organisations running affected versions of n8n.
The maximum CVSS score reflects three specific properties of this flaw:
- No authentication required: any internet-connected attacker can probe a vulnerable instance without credentials or prior access
- No user interaction required: there is no phishing link to click, no file to open — exploitation is a direct HTTP request to the n8n server
- Full server compromise: a successful exploit delivers arbitrary file read and remote code execution on the underlying host, not just the n8n application itself
For Australian organisations that self-host n8n — whether on a cloud VPS, an on-premises server, or within a containerised environment — this is a critical patching priority. The ACSC advisory does not hedge: organisations are directed to upgrade immediately and to audit connected systems for signs of prior compromise.
How Many Organisations Remain Exposed?
When Cyera Research Labs and Orca Security published their analysis in January 2026, the patch — n8n version 1.121.0 — had already been released in November 2025. That means the fix has been available for months. Yet internet-wide scanning by Censys, as reported by security researchers tracking the vulnerability, identified more than 26,000 n8n instances that remain publicly accessible and potentially vulnerable.
That figure represents a fraction of the total deployment base. Many n8n instances run behind corporate firewalls or VPNs and are not directly reachable from the internet — for those, the risk is significantly reduced. However, organisations that expose n8n's webhook endpoints to the public internet for legitimate automation purposes (receiving form submissions, processing payment callbacks, triggering integrations from external services) are in the highest-risk category.
The ACSC advisory does not publish specific Australian exposure numbers, but given n8n's growing adoption among Australian developers, digital agencies, and tech-forward small businesses, a proportion of those 26,000+ exposed instances will belong to Australian organisations. Internet scanning tools do not filter by geography, and there is no reason to assume Australian deployments are better patched than the global average.
Why hasn't everyone patched? Self-hosted open-source tools often fall into a gap in patch management processes. Organisations that diligently apply operating system updates and SaaS software updates can overlook self-managed infrastructure — particularly automation servers that "just run in the background" without generating visible incidents or support tickets. This gap between patch availability and patch application is precisely what threat actors exploit.
ACSC's Essential Eight cybersecurity framework specifically addresses this under the "Patch Applications" control, which requires organisations to apply patches for internet-facing services within two weeks of release at Maturity Level 1. For a CVSS 10.0 flaw, that window should be treated as 48 hours, not a fortnight. At the time of writing, patches for CVE-2026-21858 have been available for over five months — well beyond any reasonable patching window.
How the Ni8mare Exploit Chain Works
Understanding how CVE-2026-21858 works helps organisations accurately assess their real exposure — because the vulnerability does require a specific configuration to be exploitable, and recognising that configuration is the first step in triaging risk.
The Content-Type Confusion Flaw
n8n includes a Form Webhook node: a feature that allows users to create publicly accessible web forms that trigger automation workflows when submitted. When an HTTP request arrives at a form webhook, n8n's formWebhook() function processes it and calls a helper function — copyBinaryFile() — to handle any attached files.
The critical mistake: copyBinaryFile() is invoked without first validating that the incoming request carries a Content-Type header of multipart/form-data. This means an attacker can send any HTTP request body, inject controlled values into the req.body.files object, and cause n8n to treat attacker-controlled data as if it were a legitimate uploaded file. The server accepts the malicious input without question because the input-validation step was simply never implemented.
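The validation step described above, written as an added illustration rather than n8n's own source: a minimal form-webhook handler that only trusts file objects when the request is genuinely multipart/form-data and the objects come from the multipart parser. The request shape { headers, body, multipartFiles } and the file-object fields are assumptions.

```javascript
// Added illustration, not n8n's source code: a minimal form-webhook handler
// that performs the validation the page says was missing. Files are trusted
// only when the request is really multipart/form-data, and only when they come
// from the multipart parser (req.multipartFiles here), never from req.body.
// The request shape { headers, body, multipartFiles } is an assumption.
function isMultipartFormData(contentType) {
  if (typeof contentType !== "string") return false;
  // The media type is everything before the ";boundary=..." parameter.
  const mediaType = contentType.split(";")[0].trim().toLowerCase();
  return mediaType === "multipart/form-data";
}

// A file name the workflow may use must be a bare name with no directory
// parts, so a traversal sequence in a forged object is rejected before any
// path is built from it.
function isSafeFileName(name) {
  return typeof name === "string" && name.length > 0 &&
    !name.includes("/") && !name.includes("\\") && name !== "." && name !== "..";
}

// Returns { status, files }. The unpatched code path the page describes took
// file objects from req.body.files whatever the content type; this version
// never reads req.body for files at all.
function acceptFormSubmission(req) {
  if (!isMultipartFormData(req.headers["content-type"])) {
    return { status: 415, files: [] };
  }
  const files = Array.isArray(req.multipartFiles) ? req.multipartFiles : [];
  for (const f of files) {
    if (!isSafeFileName(f.originalName)) return { status: 400, files: [] };
  }
  return { status: 200, files };
}
```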
The Three-Stage Attack Chain
Security researchers at Orca Security and Horizon3.ai independently demonstrated a three-stage exploit chain that escalates from file read to full server control:
Stage 1 — Arbitrary file read: By injecting a path traversal payload into the forged file object, an attacker can instruct n8n to read any file accessible to the n8n process. This includes /etc/passwd, private TLS certificates, and — most critically — n8n's own database and environment variable files. These typically contain API keys, OAuth tokens, database connection strings, and service credentials for every integration the n8n instance has configured.
Stage 2 — Administrator session forgery: With credentials extracted from the file system or environment variables, an attacker can forge a valid administrator session token for the n8n instance, gaining full control of the automation platform and every workflow it manages.
Stage 3 — Remote code execution: n8n's administrator interface permits execution of custom JavaScript within workflow steps. With admin access established, an attacker can create or modify a workflow to execute arbitrary operating-system commands on the underlying server — achieving full host compromise that extends beyond n8n itself to any other service running on that machine.
Prerequisites and Mitigating Factors
Exploitation requires at least one n8n Form workflow to be created and publicly accessible without authentication. Organisations that use n8n purely for internal integrations — with webhook endpoints that are not publicly reachable — face a substantially lower risk from remote exploitation. That said, the underlying flaw exists in all affected versions regardless of configuration, and the configuration could change. The only fully safe remediation is patching to version 1.121.0 or later.
How to Protect Your n8n Instance
The remediation is straightforward: upgrade n8n to version 1.121.0 or later. This patch was released in November 2025 and fully remediates CVE-2026-21858. If you are running n8n via Docker, update the image tag to n8nio/n8n:1.121.0 or a more recent tag. For npm-based installations, run npm update n8n and verify the installed version with n8n --version after the update completes.
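For the version check at the end of the upgrade procedure, an added helper (not n8n's own tooling) that decides whether an n8n --version string is at or above the fixed release. It compares segments numerically, because a plain string comparison ranks "1.99.0" above "1.121.0" and would report a vulnerable build as patched; the MAJOR.MINOR.PATCH output format is an assumption.

```javascript
// Added check, not n8n's own tooling: is the installed version 1.121.0 or
// later? Segments are compared as numbers, because a string comparison would
// rank "1.99.0" above "1.121.0" and mark a vulnerable build as patched.
// Assumes `n8n --version` prints "MAJOR.MINOR.PATCH", optionally with a "v".
const FIXED_VERSION = "1.121.0";

function parseVersion(text) {
  const m = String(text).trim().match(/^v?(\d+)\.(\d+)\.(\d+)/);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Returns true (patched), false (upgrade required), or null when the text
// is not a version string and must be checked by hand.
function isPatched(versionText) {
  const have = parseVersion(versionText);
  if (!have) return null;
  const need = parseVersion(FIXED_VERSION);
  for (let i = 0; i < 3; i++) {
    if (have[i] !== need[i]) return have[i] > need[i];
  }
  return true;
}
```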
If an immediate upgrade is not possible — for instance, because a workflow depends on a deprecated API or configuration format — ACSC recommends restricting or disabling publicly accessible webhook and form endpoints until the upgrade can be scheduled. This is a temporary mitigation only: it reduces the remote attack surface but does not eliminate the underlying vulnerability, and it does not protect against exploitation by anyone who already has network access to the n8n host.
Audit What Your n8n Instance Can Reach
The Ni8mare exploit's most dangerous capability is credential harvesting. Before patching — or while awaiting a maintenance window — audit your n8n environment thoroughly:
- Review stored credentials: n8n stores integration credentials (API keys, OAuth tokens, database passwords, webhook secrets) in its internal database. If your instance was publicly exposed on a vulnerable version, treat those credentials as potentially compromised. Rotate them.
- Map connected systems: List every system your n8n workflows connect to — your WordPress or WooCommerce site, payment gateways, email providers, cloud storage buckets, CRM platforms, Slack or Microsoft Teams workspaces. A compromise of n8n is effectively a compromise of everything it can reach.
- Check for backdoored workflows: Review your workflow list for any unfamiliar or recently modified automation steps — particularly anything triggering shell commands, making outbound HTTP requests to unknown hosts, or accessing file paths. These are indicators of attacker persistence.
- Review n8n user accounts: Check for any accounts created or modified without your knowledge. Remove any unfamiliar entries and force a credential reset for all legitimate accounts.
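To make the "check for backdoored workflows" step repeatable, an added triage helper (not part of n8n) that scans exported workflow JSON for the indicators listed above: command-execution, code and file-access nodes, outbound HTTP requests to hosts outside an allowlist, and recent modification. The export shape, the node type strings and the sample workflows are assumptions and constructed data.

```javascript
// Added triage helper, not part of n8n: scans exported workflow JSON for the
// persistence indicators listed above. The export shape
// ({ name, updatedAt, nodes: [{ name, type, parameters }] }) and the node type
// strings are assumptions based on n8n's workflow export format.
const RISKY_NODE_TYPES = {
  "n8n-nodes-base.executeCommand": "runs shell commands on the host",
  "n8n-nodes-base.code": "runs custom JavaScript or Python",
  "n8n-nodes-base.readWriteFile": "reads or writes host file paths",
  "n8n-nodes-base.readBinaryFile": "reads host file paths",
};

// Hosts the business legitimately integrates with (constructed sample list).
const KNOWN_HOSTS = new Set(["api.stripe.com", "hooks.slack.com", "shop.example.com.au"]);

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// One finding per suspicious node; `recent` is true when the workflow was
// modified at or after `since` (use the date the instance was first exposed).
function triageWorkflow(wf, since) {
  const recent = Boolean(wf.updatedAt) && new Date(wf.updatedAt) >= new Date(since);
  const findings = [];
  for (const node of wf.nodes || []) {
    const reasons = [];
    if (RISKY_NODE_TYPES[node.type]) reasons.push(RISKY_NODE_TYPES[node.type]);
    if (node.type === "n8n-nodes-base.httpRequest") {
      const host = hostOf(node.parameters && node.parameters.url);
      // Expression-built URLs have no static host; flag them for manual review.
      if (!host || !KNOWN_HOSTS.has(host)) reasons.push(`outbound request to ${host || "a dynamic host"}`);
    }
    if (reasons.length) findings.push({ workflow: wf.name, node: node.name, type: node.type, recent, reasons });
  }
  return findings;
}

function triageAll(workflows, since) {
  return workflows.flatMap((wf) => triageWorkflow(wf, since));
}

// Constructed sample export: a legitimate workflow and a look-alike copy with a shell node and an unknown host.
const SAMPLE_WORKFLOWS = [
  { name: "Order sync", updatedAt: "2025-10-02T09:00:00Z", nodes: [
    { name: "Stripe hook", type: "n8n-nodes-base.webhook", parameters: {} },
    { name: "Post to shop", type: "n8n-nodes-base.httpRequest", parameters: { url: "https://shop.example.com.au/api/orders" } } ] },
  { name: "Order sync (copy)", updatedAt: "2026-01-09T03:12:00Z", nodes: [
    { name: "Run", type: "n8n-nodes-base.executeCommand", parameters: {} },
    { name: "Beacon", type: "n8n-nodes-base.httpRequest", parameters: { url: "https://203.0.113.10/c" } } ] },
];
```

Run it as triageAll(SAMPLE_WORKFLOWS, "<date the instance was first reachable>") and review every finding, starting with those marked recent.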
Additional Protection for Website-Connected Automation
If your n8n instance connects to your website or online store — a common configuration for Australian small businesses automating order fulfilment, contact-form processing, or inventory updates — a web application firewall provides an important additional detection layer at the perimeter. Even if an attacker obtained n8n credentials for a site integration before you patched, a WAF can detect and block the suspicious API calls or login attempts that typically follow credential theft. Sucuri's website firewall is purpose-built for small-business websites and covers WordPress, WooCommerce, and other common CMS platforms, providing malware scanning, intrusion detection, and DDoS mitigation in a single managed service.
Layered Defence: Automation Security for Australian SMBs
CVE-2026-21858 illustrates a pattern that is becoming more common: attackers targeting the connective tissue of an organisation's IT environment rather than its primary systems. n8n doesn't hold your data directly — it holds the keys to every system that does. That makes automation servers high-value targets with often-low defensive priority.
Australian small businesses and SMBs running any self-hosted automation or integration tool should review the following principles as part of a broader security posture:
Patch as a first-class priority. The ACSC's Essential Eight Maturity Model treats application patching as a foundational control. For internet-facing services, ACSC recommends patches be applied within two weeks of release at Maturity Level 1, and within 48 hours for critical, actively exploited vulnerabilities. A CVSS 10.0 flaw with a public proof-of-concept should be treated as actively exploited from the moment of disclosure, regardless of whether confirmed exploitation is reported in the wild.
Expose only what must be exposed. n8n's webhook and form endpoints only need to be publicly accessible if they receive inbound requests from external sources — a payment processor callback, a form submission from your public website. Internal-only integrations (syncing your CRM with your inventory system, sending internal Slack notifications) should never be reachable from the internet. Use network segmentation, a reverse proxy with IP allowlisting, or a VPN to enforce this boundary.
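The reverse-proxy boundary this principle describes, and the temporary mitigation from the remediation section (closing public form endpoints until the upgrade), as one added nginx configuration that is not from the page or the n8n project. The n8n paths (/form/, /form-test/, /webhook/, /webhook-test/), the upstream port 5678 and every address are assumptions or placeholders.

```nginx
# Added example, not from the page or n8n's documentation: nginx in front of
# n8n. Forms are closed entirely (the exploitation precondition the page names),
# production webhooks are allowlisted to known callers, and the editor/API is
# reachable from the office or VPN range only. Paths and port are assumed
# n8n defaults; all addresses are documentation-range placeholders.
upstream n8n_upstream { server 127.0.0.1:5678; }

server {
    listen 443 ssl;
    server_name automation.example.com.au;
    # ssl_certificate / ssl_certificate_key omitted for brevity

    # Temporary mitigation while unpatched: no public form endpoints at all.
    location ~ ^/form(-test)?/ { return 403; }

    # Production webhooks: only the external sources that legitimately call in.
    location /webhook/ {
        allow 198.51.100.0/24;   # placeholder: payment processor callback range
        allow 203.0.113.0/24;    # placeholder: the public website's server
        deny all;
        proxy_pass http://n8n_upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Test webhooks should never be exercised from the internet.
    location /webhook-test/ { return 403; }

    # Editor UI and REST API: private network only.
    location / {
        allow 192.0.2.0/24;      # placeholder: office / VPN egress range
        deny all;
        proxy_pass http://n8n_upstream;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
```

After reloading, confirm from an outside address that /form/ and / return 403 while an allowlisted caller still reaches /webhook/; this reduces exposure but is not a substitute for upgrading to 1.121.0 or later.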
Apply the principle of least privilege to integration credentials. When creating API credentials for n8n to use, scope them narrowly. A credential used to post updates to a CRM should have write access to that specific CRM module only — not admin access, not deletion rights, not access to billing or HR data. This limits blast radius if credentials are extracted by an attacker who exploits a future vulnerability.
Include automation servers in your asset and patch inventory. Many organisations that rigorously patch their Windows workstations and managed cloud services overlook the Linux VPS running their automation stack. Every server that touches business data — including the ones running quietly in the background — needs to be part of the patch management cycle with a documented owner and update schedule.
Monitor for unusual automation activity. n8n logs every workflow execution. Configure log forwarding to a central log management tool or security monitoring service. Unexplained workflow executions — particularly anything triggering shell commands, making HTTP requests to unfamiliar external hosts, or accessing file-system paths outside normal workflow scope — are strong indicators of compromise.
ACSC publishes tailored guidance for Australian small businesses and SMBs at cyber.gov.au. The Essential Eight Maturity Model is free, well-supported, and provides a practical framework grounded in Australian regulatory context — including obligations under the Privacy Act 1988 and the Notifiable Data Breaches scheme, both of which are triggered when personal information held by an organisation is accessed without authorisation.
If your business depends on web-connected automation — linking your website, online store, or booking system to back-end workflows — a layered security posture that combines timely patching, network segmentation, credential scoping, and web application protection gives you defence in depth even when a critical flaw like Ni8mare emerges unexpectedly.