Vulnerabilities / Critical

n8n AI Workflow Platform CVE-2026-21858 Allows Unauthenticated Full Takeover

Thursday, April 2, 2026
Global
NVD + Orca Security

Summary

A critical unauthenticated remote code execution (RCE) vulnerability (CVE-2026-21858, CVSS 10.0) in the n8n AI workflow automation platform allows attackers to fully take over vulnerable instances without credentials. Compromised instances expose cloud credentials, API keys, and customer databases.

Threat Analysis

CVE-2026-21858 is a CVSS 10.0 unauthenticated RCE vulnerability in n8n, caused by Content-Type confusion in its webhook handlers. No authentication is required to exploit it.

Affected Products: n8n versions prior to 1.121.0.

Exploitation Status: Proof-of-concept exploit available. Compromised instances expose Google Drive, OpenAI API keys, Salesforce data, and CI/CD pipelines.

Recommended Mitigations: (1) Upgrade to n8n version 1.121.0 or later immediately. (2) Restrict webhook endpoint access via firewall rules. (3) Audit and rotate connected service credentials. (4) Implement network segmentation.
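To act on mitigation (1), a defender first needs to know which instances still run a pre-fix build. The following is an added example, not code from the advisory or from the n8n project: a small Python triage helper that flags instances whose reported version is below 1.121.0. The inventory is constructed sample data, and treating a pre-release build of 1.121.0 as still affected is an assumption made here.

```python
"""Triage helper: flag n8n instances whose reported version predates the
CVE-2026-21858 fix (1.121.0, per the advisory above).

The inventory below is constructed sample data, not real hosts."""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "1.121.0"  # first fixed release named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v1.120.3' or '1.121.0-rc.2' into a comparable numeric tuple.

    The pre-release suffix is dropped here; is_affected() separately treats a
    pre-release of the fixed version as still affected (assumption).
    """
    core = version.strip().lstrip("vV").split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised n8n version string: {version!r}")
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))  # pad so '1.121' == '1.121.0'


def is_affected(version: str) -> bool:
    """True when the version is below 1.121.0 (or a pre-release of it)."""
    has_prerelease = "-" in version.strip()
    v, fixed = parse_version(version), parse_version(FIXED_VERSION)
    if v < fixed:
        return True
    return v == fixed and has_prerelease


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the names of instances that still need the upgrade."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hostname -> version reported by the instance).
SAMPLE_INVENTORY = {
    "n8n-prod-01": "1.119.2",
    "n8n-prod-02": "v1.121.0",
    "n8n-staging": "1.121.0-rc.1",
    "n8n-dev": "1.125.1",
}

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: {SAMPLE_INVENTORY[name]} -> upgrade to {FIXED_VERSION}+")
```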

Last updated: Apr 2, 2026, 08:23 AM
