Cybersecurity researchers have unveiled details regarding a maximum-severity flaw, codenamed Ni8mare (CVE-2026-21858, CVSS 10.0), affecting n8n, a prominent workflow automation platform often leveraged in decentralized infrastructure. This vulnerability allows an unauthenticated remote attacker to achieve complete control (including potential remote code execution) over susceptible instances. For Web3 projects utilizing n8n for dApp backend operations, notification systems, or critical infrastructure automation, the risk is catastrophic. An attacker gaining full control of the automation middleware could lead to supply chain attacks, compromise sensitive API keys used for interaction with blockchain services, or disrupt essential operational continuity. Immediate patching of all susceptible n8n instances is critically required to mitigate this extreme risk.
Source: Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
コメント