Security researchers at Cyera have discovered a critical vulnerability in n8n, the popular workflow automation platform. The flaw, with a CVSS score of 10.0, allows attackers to take complete control of local n8n instances. There is no workaround; users must upgrade to version 1.121.0 or higher.
The security flaw (CVE-2026-21858) was published on January 7 by researcher Dor Attias. The platform has over 100 million Docker pulls worldwide and is used by millions of users and thousands of companies. n8n often acts as the “nervous system of your automation infrastructure” within organizations, Cyera explains.
The vulnerability arises from a so-called “Content-Type Confusion” in n8n’s webhook processing. Webhooks are the starting point for workflows and capture incoming data from forms, chat messages, and WhatsApp notifications. By manipulating the Content-Type header, an attacker can overwrite the req.body.files variable and thus read arbitrary files from the system.
From file reading to complete takeover
The researchers demonstrated how the vulnerability can escalate to Remote Code Execution. In Docker installations, crucial files such as the SQLite database (/home/node/.n8n/database.sqlite) and configuration files (/home/node/.n8n/config) are stored locally on the disk. An attacker can read these files via the Content-Type Confusion bug.
The attacker extracts user IDs, email addresses, and hashed passwords from the database. The configuration file contains the encryption key that n8n uses to sign session cookies. With this information, an attacker can create a fake n8n-auth cookie and log in as an administrator.
n8n is becoming increasingly popular in 2025 as an open-source alternative for workflow automation. The platform combines AI functionality with business processes and focuses primarily on technical teams. This makes the impact of this vulnerability even greater, as these teams often have high privileges for their daily work.
Once logged in as an administrator, the attacker can create a workflow with the “Execute Command” node. This node executes commands on the underlying system, giving the attacker complete control over the n8n server.
Enormous impact due to central position
The consequences of a compromised n8n instance are far-reaching. The platform connects countless systems: Google Drive, OpenAI APIs, Salesforce, IAM systems, payment processors, customer databases, and CI/CD pipelines. An attacker gains access to all stored API credentials, OAuth tokens, and database connections. This provides ample opportunity for lateral movement, making it difficult to trace the origin back to n8n.
Cyera illustrated the vulnerability with a realistic scenario: an organizational knowledge base based on RAG (Retrieval-Augmented Generation) technology. Employees upload documents via an n8n Form node, after which the data becomes searchable via a chat interface. By manipulating the Content-Type header, an attacker loads the /etc/passwd file into the knowledge base instead of a document. The attacker then retrieves the content via the chat interface.
n8n responded quickly to the report, Cyera says. The security team received the report on November 9, 2025, and confirmed it a day later. On November 18, version 1.121.0 was released with a patch. This week, on January 6, the vulnerability was officially assigned CVE-2026-21858.
Protection against exploitation
Users should upgrade to version 1.121.0 or newer as soon as possible. There are no official workarounds available. Cyera emphasizes three additional security measures: do not expose n8n to the internet unless strictly necessary, and require authentication for all Forms.