A maximum-severity security flaw has been disclosed in n8n, a widely used workflow automation platform. This vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0) and codenamed ‘Ni8mare’ by Cyera Research Labs, poses an extreme risk to deployed instances. The flaw allows an unauthenticated remote attacker to gain complete administrative control over susceptible instances. Given that n8n is often integrated into Web3 infrastructures for backend automation and decentralized application data pipelines, the potential impact on associated projects is paramount. Security researcher Dor Attias has revealed the technical details. Administrators must prioritize immediate patching and migration to secure versions to mitigate the maximum-severity threat of full compromise.
Source: Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
コメント