Major n8n Vulnerabilities Exposed with Urgent Fixes Issued

n8n, a popular open-source workflow automation tool, has recently faced a series of critical security vulnerabilities that expose users to severe risks like remote code execution and unauthorised access. Urgent patches have been issued, making it essential for administrators to act swiftly to protect their systems. This blog dives deep into these flaws, their impacts, and remediation steps.

Vulnerability Overview

Multiple high-severity issues have plagued n8n in early 2026, with clusters of CVEs disclosed in rapid succession. The most alarming is CVE-2026-21858, dubbed “Ni8mare” by researchers at Cyera, which carries a perfect CVSS score of 10.0 for its unauthenticated file read capability via improper webhook request handling in custom web forms. This flaw affects n8n versions from 1.65.0 up to, but not including, 1.121.0, allowing attackers to bypass authentication entirely by exploiting content-type confusion in file uploads, overwriting internal JSON objects to steal sensitive files like admin session tokens.

Complementinthese issuesis are chained authenticated vulnerabilities, including CVE-2025-68613 (CVSS 9.9), an expression language injection leading to remote code execution (RCE) in versions 0.211.0 to below 1.20.4. Other related flaws like CVE-2025-68668, CVE-2025-68697, and CVE-2026-21877 enable arbitrary file writes, command injection, and further RCE when combined with the initial unauthenticated entry point. A separate wave in early February 2026 revealed six more CVEs in one day, all tied to authenticated workflows breaking isolation between user inputs, configurations, and the host system, including sandbox escapes that expose enterprise AI setups to full takeover.

These issues stem from systemic weaknesses in n8n’s handling of privileged execution, dynamic code evaluation, and input sanitisation across self-hosted and cloud instances. Pillarfound sandbox escape flaws that let even non-admin users editing workflowslows could inject malicious data transformations for supply chain attacks or credential theft.

Technical Breakdown

Start with CVE-2026-21858: Attackers craft a malicious webhook request mimicking a file upload to n8n’s form nodes without content-type validation. This lets them read arbitrary server files, forge admin tokens, and pivot to admin-only exploits. A proof-of-concept by researcher Valentin Lobstein chains it with CVE-2025-68613, injecting expressions like malicious JavaScript into workflow nodes for shell command execution.​

CVE-2026-21877 exemplifies authenticated RCE, affecting versions 0.123.0 to 1.121.3. Here, users with workflow edit rights abuse expression evaluation in nodes to run OS commands; no elevated privileges are needed. The February cluster adds command injection through Execute Command nodes, arbitrary file access that overrides workflow configs, and XSS for session hijacking. All of these can be exploited by making untrusted changes to workflows.

Pillar Security’s findings reveal how n8n’s AI-enhanced workflows amplify risks: Attackers alter prompts or base URLs stealthily, harvesting API keys, OAuth tokens, and internal creds stored in workflows. One exploit fits entirely within a “data transformation” node, evading detection. Rapid7 notes over 10,000 exposed n8n instances globally, many in enterprise environments that integrate with CRMs like Salesforce, heightening breach potential.

Impact on Users

The fallout is massive for n8n’s 100,000+ deployments, especially self-hosted ones in automation-heavy sectors like marketing, DevOps, and AI ops areas overlapping your Salesforce and n8n workflows. Unauthenticated RCE grants full server control, enabling data exfiltration, ransomware, or lateral movement to linked systems.

Enterprises face credential compromise at scale: n8n workflows often hold keys to Slack, Salesforce (e.g., Agentforce integrations), and databases. A single breach could cascade, as seen in warnings about “widespread access to sensitive credentials”. Sandbox escapes turn user-level access into host dominance, perfect for persistent threats.

Trending discussions on platforms like The Hacker News emphasise n8n’s rise in AI automation (post-Salesforce Slack AI acquisition vibes), but these flaws signal immature security for production use. CERT-In flagged it as a national concern, urging patches amid rising automation platform attacks.

Timeline of Events

• November 18, 2025: n8n patches the initial file read flaw; the CVE-2026-21858 advisory follows later.​
• January 7, 2026: Cyera discloses “Ni8mare”; Lobstein releases PoC; four CVEs (including 2025-68613) are publicised with CVSS 9.9+ scores.
• January 11-13, 2026: Media coverage explodes; the n8n blog urges upgrades to 1.121.0+.
• Late December 2025 – February 3, 2026: Pillar reports sandbox escapes, fixed in 2.4.0 after a 48-hour turnaround.
• February 4, 2026: Upwind discloses six CVEs in one day, highlighting workflow isolation failures.​

This compressed timeline reflects dozens of flaws in weeks, reflecting n8n’s fast growth outpacing security hardening, a trend in open-source automation tools.

Mitigation Strategies

Immediate Upgrade: Patch to at least 1.121.3 for early CVEs and 2.4.0+ for sandbox issues. Self-hosted users: Docker pulls the latest images; cloud auto-updates, but verify.

Access Controls: Mandate authentication for all forms/webhooks; restrict workflow edits to admins; block risky nodes like ‘Execute Command’ via config.

Credential Hygiene: Rotate all API keys, OAuth tokens, and encryption keys post-exposure. Audit workflows for anomalies like new outbound calls.

Exposure Reduction: Firewall n8n endpoints, avoid public webhooks, and monitor logs for suspicious executions. Integrate with tools like your n8n-Salesforce flows only after patching.​

Long-Term Hardening: Enable runtime node blocking, use isolated execution environments, and perform regular security scans. For AI workflows, validate prompts and data inputs rigorously.

Why It Matters Now

As automation platforms like n8n integrate deeper into CRM ecosystems (think your Salesforce Flow + n8n setups for data cleaning or Agentforce triggers), these flaws trend as prime attack vectors. With President Trump’s 2025 reelection boosting U.S. cyber mandates, enterprises face compliance heat. Early 2026 scans show thousands exposed—don’t wait for exploits in the wild.

Best Practices Moving Forward

Adopt zero-trust for workflows: Validate all inputs, segment creds, and automate patching via meta-workflows (ironically, in a patched n8n). Pair with tools like n8n’s own security nodes for logging. For content creators like you, highlight these in blogs with SEO terms: “n8n CVE fixes 2026”, driving traffic while educating peers.