A maximum-severity vulnerability has been disclosed in n8n, a widely used workflow automation platform, enabling unauthenticated remote attackers to achieve complete control over vulnerable instances. This flaw, tracked as CVE-2026-21858 and assigned a critical CVSS score of 10.0, has been dubbed “Ni8mare” by researchers at Cyera Research Labs.
While n8n is a generalized automation tool, its prevalence within the Web3 ecosystem for tasks like backend synchronization, data fetching for oracles, or even automating aspects of smart contract deployment pipelines, makes this a major concern. An attacker exploiting this vulnerability gains full platform control, potentially accessing sensitive credentials, modifying critical workflows, and executing arbitrary code.
For Web3 projects utilizing n8n—especially those handling private keys, API keys, or integrating with critical infrastructure—this flaw represents a severe supply chain risk. Given the maximum severity and ease of exploitation, the editorial board urgently advises all affected Web3 organizations to prioritize patching and implementing necessary mitigation strategies immediately to prevent potential catastrophic breaches.
Source: Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
コメント