Ni8mare: Maximum Severity (CVSS 10.0) n8n Flaw Allows Unauthenticated Remote Takeover of Critical Workflow Automation

A maximum-severity security flaw (CVE-2026-21858), codenamed Ni8mare by Cyera Research Labs, has been disclosed in the popular workflow automation platform, n8n. Assigned the highest CVSS score of 10.0, this vulnerability is catastrophic because it allows any unauthenticated remote attacker to gain complete control over susceptible n8n instances. For the Web3 sector, where automation platforms are crucial for data pipelines, oracle feeds, and smart contract deployment workflows, this flaw represents an existential threat. An unauthenticated takeover of such a system grants attackers access to integrated secrets, API keys, and the capability to execute malicious code within critical infrastructure. This could result in devastating supply chain compromises, unauthorized fund movements, or complete data exfiltration. All organizations utilizing n8n must treat this disclosure with the utmost urgency and prioritize immediate patching to mitigate the risk of widespread exploitation.


Source: Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
