CVE-2026-21858

Medienbericht

Exploit

EPSS 7.06%
Veröffentlicht 07.01.2026 23:57:52
Zuletzt bearbeitet 16.01.2026 19:31:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version >= 1.65.0 < 1.121.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.06%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	10	3.9	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.heise.de/news/Kritische-Luecke-in-Automatisierungstool-n8n-erlaubt-Codeschmuggel-11135949.html

Medienbericht

heise Security

09.01.2026 15:24

https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg

Vendor Advisory

https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-21858

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21858

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21858

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-21858