Unauthenticated

Vulnerabilities 2026-04-04
Ni8mare: CVSS 10.0 Unauthenticated RCE in n8n Workflow Automation (CVE-2026-21858)
A CVSS 10.0 content-type confusion bug in n8n's webhook handler lets unauthenticated attackers read arbitrary files, steal credentials, forge admin sessions, and achieve full RCE. Patch to 1.121.0 immediately.
CVE RCE n8n workflow-automation webhook unauthenticated CVSS-10

Ni8mare: CVSS 10.0 Unauthenticated RCE in n8n Workflow Automation (CVE-2026-21858)