A maximum-severity security flaw (CVSS score 10.0), tracked as CVE-2026-21858 and codenamed ‘Ni8mare,’ has been disclosed in n8n, a widely-used workflow automation platform. This critical vulnerability allows an unauthenticated remote attacker to gain complete control over susceptible n8n instances.
n8n is frequently utilized within the Web3 ecosystem for automating critical operations, including deployment pipelines and API integrations. A flaw of this magnitude poses an extreme threat, as attackers could hijack workflows to steal highly sensitive assets such as private keys, API credentials, or administrative secrets stored within the system, potentially leading to unauthorized smart contract deployments or asset theft via supply chain compromise.
Dubbed ‘Ni8mare’ by Cyera Research Labs and detailed by security researcher Dor Attias, the primary danger stems from its unauthenticated nature; attackers require no prior credentials to achieve full remote system takeover.
Web3 organizations and development teams must immediately audit their operational n8n instances and apply vendor-provided security patches. Given that automation infrastructure is central to modern DApp operations, prompt remediation is crucial to maintaining the integrity and security of decentralized applications.
Source: Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
コメント