Cybersecurity researchers have disclosed details concerning a maximum-severity security flaw in n8n, a widely used workflow automation platform. This critical vulnerability, tracked as CVE-2026-21858 and codenamed Ni8mare by Cyera Research Labs, carries the maximum CVSS score of 10.0. The primary threat is that an unauthenticated remote attacker can gain complete control over susceptible instances, effectively achieving Remote Code Execution (RCE). Given that n8n often handles sensitive data flows, API keys, and automated transactions critical to decentralized (Web3) and centralized backends, the compromise of an instance represents a direct path to widespread system infiltration. We urge all administrators managing n8n installations to apply necessary security updates immediately to mitigate this extreme risk.
Source: Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
コメント