Critical n8n Vulnerability: CVSS 10.0 RCE Threatens Cloud Workflow Platforms
📢 Affiliate Disclosure: This site contains affiliate links to Amazon. We earn a commission when you purchase through our links at no additional cost to you.
A perfect 10.0 CVSS score. Unauthenticated remote code execution. Complete server takeover. CVE-2026-21858 in the n8n workflow automation platform is one of the most critical cloud vulnerabilities discovered in early 2026.
If you're running n8n or testing cloud infrastructure in bug bounty programs, this vulnerability represents both an immediate security crisis and a massive opportunity for security researchers. Here's everything you need to know.
What Happened
CVE-2026-21858 is a content-type confusion vulnerability in n8n's webhook handling mechanism that enables complete server compromise without authentication.
The Vulnerability at a Glance
- CVE ID: CVE-2026-21858
- CVSS Score: 10.0 (Critical)
- Attack Vector: Network - No authentication required
- Affected Versions: n8n 1.65.0 through 1.120.4
- Patched Version: 1.121.0 and above
- Discovered by: Multiple security researchers (Orca Security, Upwind, Horizon3.ai)
Why CVSS 10.0? This vulnerability checks every box for maximum severity:
- No authentication required (attack complexity: low)
- Remote exploitation over the network
- No user interaction needed
- Complete confidentiality, integrity, and availability impact
- Enables full remote code execution with system-level privileges
Real-World Impact
n8n is a widely-deployed workflow automation platform used by thousands of organizations for:
- API integrations and data pipelines
- Cloud infrastructure automation
- DevOps workflow orchestration
- Business process automation
- Data transformation and ETL processes
These deployments typically have access to:
- Database credentials and API keys
- Cloud infrastructure credentials (AWS, Azure, GCP)
- Internal network access
- Customer data and business intelligence
A single compromised n8n instance can be the gateway to your entire cloud infrastructure.
Technical Details: How the Attack Works
Understanding this vulnerability is crucial for bug hunters looking for similar patterns in other platforms. Here's the complete attack chain:
The Content-Type Confusion Bug
n8n's webhook handler processes incoming HTTP requests to execute workflows. The vulnerability exists in how n8n parses the request body based on the Content-Type header.
Normal behavior:
- Webhook receives request with
Content-Type: multipart/form-data - Multipart parser validates file uploads
- Files are stored securely with access controls
Vulnerable behavior:
- Attacker sends
Content-Type: application/json - JSON parser processes body containing crafted
filesobject - Multipart validation is completely bypassed
- Arbitrary file paths can be read/written
Attack Chain: From File Read to RCE
Step 1: Arbitrary File Read
The attacker crafts a JSON payload with a malicious files object:
POST /webhook/test HTTP/1.1
Host: target-n8n.example.com
Content-Type: application/json
{
"files": {
"config": "/home/node/.n8n/config"
}
}This bypasses validation and allows reading:
/home/node/.n8n/config- Database credentials/proc/self/environ- Environment variables with API keys/etc/passwd- System user information/home/node/.n8n/.secret- Encryption keys
Step 2: Session Forgery
Using extracted secrets from step 1:
- Read
ENCRYPTION_KEYfrom environment - Read
JWT_SECRETfrom config files - Forge admin session token
- Authenticate as administrator without credentials
Step 3: Remote Code Execution
With admin access, attackers can:
- Create malicious workflows containing arbitrary code
- n8n executes workflows in Node.js environment
- Workflows can execute system commands via
child_process - Install backdoors, exfiltrate data, pivot to other systems
Why This Pattern Matters for Bug Hunters
Content-type confusion vulnerabilities are everywhere. Look for these patterns:
- Different parsers for different content types (JSON vs XML vs multipart)
- Security controls applied at parser level instead of business logic level
- Assumptions that "frontend always sends correct content-type"
- File upload handlers that trust
Content-Typeheader
💰 Bounty Tip: Content-type confusion bugs typically score High to Critical severity ($2,000-20,000+). They're common in webhook handlers, file upload endpoints, and API gateways. Test every endpoint that accepts Content-Type headers with unexpected values.
Impact: Complete Infrastructure Compromise
This isn't just about compromising one server. n8n instances typically serve as automation hubs with privileged access to your entire stack:
Immediate Impact
- Credential theft: Database passwords, API keys, service account tokens
- Data exfiltration: Customer data, business intelligence, source code
- Backdoor installation: Persistent access via system-level shells
- Workflow manipulation: Inject malicious code into existing automation
Lateral Movement Scenarios
AWS Environment:
- Extract AWS credentials from environment variables
- Access IMDSv1 (if not disabled):
http://169.254.169.254/latest/meta-data/iam/security-credentials/ - Assume IAM roles with broad permissions
- Access S3 buckets, RDS databases, Secrets Manager
- Launch additional EC2 instances for crypto mining
Azure Environment:
- Extract Azure AD service principal credentials
- Access Azure Key Vault secrets
- Pivot to Azure SQL, Storage Accounts, Container Registries
- Modify Azure DevOps pipelines for supply chain attacks
GCP Environment:
- Extract service account keys from environment
- Access Google Cloud Storage buckets
- Query BigQuery datasets for sensitive data
- Compromise Container Registry for image poisoning
Enterprise Risk Scenarios
Financial Services: Payment processing credentials, customer financial data, transaction histories
Healthcare: Patient records, HIPAA-protected data, medical system credentials
E-commerce: Customer databases, payment gateways, inventory systems
SaaS Platforms: Multi-tenant data access, customer credentials, application secrets
⚠️ Exploitation Status: While no public exploits are confirmed in the wild yet, POC documentation has been published by multiple security research firms. Expect exploitation attempts to accelerate rapidly.
How to Test for This Vulnerability
For Security Researchers: If you're testing applications with workflow automation, webhook handlers, or API integration features, here's how to identify similar vulnerabilities.
Step 1: Identify Webhook/Upload Endpoints
Use Burp Suite Professional to map your target:
- Enable proxy and browse the application
- Look for endpoints accepting file uploads or webhook data
- Note all endpoints with
Content-Typevalidation - Pay attention to workflow/automation features
Step 2: Test Content-Type Confusion
Baseline test: Send the same request with different content types
// Original request
POST /webhook/handler HTTP/1.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary
...
// Test 1: Change to application/json
POST /webhook/handler HTTP/1.1
Content-Type: application/json
{"files": {"test": "/etc/passwd"}}
// Test 2: Change to application/xml
POST /webhook/handler HTTP/1.1
Content-Type: application/xml
<files><file path="/etc/passwd"/></files>
// Test 3: Remove content-type entirely
POST /webhook/handler HTTP/1.1
files[test]=/etc/passwdStep 3: Test File Path Manipulation
If the endpoint accepts file references, test for path traversal:
../../../etc/passwd/proc/self/environ/proc/self/cmdline/home/user/.env/app/config/database.yml
Step 4: Look for Secondary Exploitation
If you achieve file read, escalate to:
- Credential extraction: Config files, environment variables
- Source code disclosure: Application logic, hardcoded secrets
- Session token forgery: JWT secrets, encryption keys
- Remote code execution: Template injection, command injection
Step 5: Test Adjacent Features
n8n vulnerability exists in webhook handling. Test related features:
- API integration endpoints
- Workflow execution APIs
- Data transformation handlers
- Custom function evaluators
- Template rendering engines
Mitigation: Protect Your Infrastructure
For n8n Users - Immediate Actions
1. Update Immediately
- Upgrade to n8n version 1.121.0 or higher
- Verify version:
n8n --version - Check Docker images:
docker.n8n.io/n8nio/n8n:1.121.0 - Review upgrade notes at docs.n8n.io
2. Audit for Compromise
- Review logs: Look for suspicious webhook requests with
Content-Type: application/jsonandfilesobjects - Check workflows: Review all workflows for unexpected modifications
- Inspect file access: Audit access to
/home/node/.n8n/directory - Review credentials: Rotate all API keys, database passwords, cloud credentials
3. Network Segmentation
- Place n8n behind VPN or private network if possible
- Implement IP allowlisting for webhook endpoints
- Use Web Application Firewall (WAF) with strict content-type rules
- Monitor for unusual outbound connections
For Developers - Prevention Patterns
Content-Type Handling Best Practices:
- Validate at business logic layer: Don't rely on parser-level security
- Strict content-type enforcement: Reject unexpected types explicitly
- Separate handlers: Different code paths for JSON vs multipart vs XML
- Input validation: Validate all object properties, not just content-type
Example secure implementation:
// BAD - Parser-dependent security
app.post('/webhook', (req, res) => {
// Relies on Express/body-parser to handle content-type
const files = req.body.files; // Vulnerable!
});
// GOOD - Explicit validation
app.post('/webhook', (req, res) => {
const contentType = req.get('Content-Type');
if (!contentType || !contentType.includes('multipart/form-data')) {
return res.status(400).json({ error: 'Invalid content type' });
}
if (typeof req.body.files === 'object') {
return res.status(400).json({ error: 'Unexpected data structure' });
}
// Process with multipart-specific handler only
handleMultipartUpload(req, res);
});For Bug Bounty Programs
If you run a workflow automation or webhook-based platform:
- Prioritize content-type confusion testing in your security audits
- Add specific test cases for parser bypass scenarios
- Consider dedicated bounties for webhook security issues
- Document expected content-types in API specifications
Defense in Depth Recommendations
Cloud-level protections:
- IMDSv2 enforcement: Disable IMDSv1 in AWS (prevents metadata endpoint abuse)
- Principle of least privilege: Limit IAM roles to minimum required permissions
- Secrets management: Use AWS Secrets Manager/Azure Key Vault instead of environment variables
- Network policies: Restrict egress to known-good destinations only
Level Up Your Security Testing
Want to find critical vulnerabilities like CVE-2026-21858? These resources will help you master cloud security and bug bounty hunting:
📚 The Web Application Hacker's Handbook - $45
The definitive guide to web security testing. Covers input validation, authentication bypasses, and content-type confusion patterns in depth. Every bug hunter should own this.
📚 Black Hat Python - $35
Learn to build custom security testing tools. Automate vulnerability scanning, develop exploit POCs, and create webhook testing frameworks. Critical for finding complex bugs.
🔧 Burp Suite Professional - $449/year
The industry standard for web security testing. Essential features: content-type manipulation, request repeater, intruder for fuzzing, and extensions for automation. Worth every penny for serious bug hunters.
🔐 YubiKey 5 NFC - $55
Protect your bug bounty accounts and cloud infrastructure. As a security researcher, you're a high-value target. Hardware 2FA is mandatory - don't become the vulnerability.
Frequently Asked Questions
How is CVE-2026-21858 different from CVE-2026-25049 (the other n8n CVE)?
CVE-2026-21858 is MORE critical: CVSS 10.0 (perfect score) vs 25049's 9.4. Key difference: 21858 requires NO authentication (unauthenticated RCE), while 25049 required authenticated access. 21858 affects older versions (1.65.0-1.120.4), 25049 affects newer versions (1.123.17+, 2.5.2+). If you have older n8n, 21858 is your bigger threat.
Why is this rated CVSS 10.0 (maximum severity)?
Perfect 10.0 score requires: no authentication, network-based, low attack complexity, no user interaction, and complete CIA (confidentiality/integrity/availability) impact. CVE-2026-21858 checks all boxes - anyone can send a malicious webhook request and get complete server control. No prerequisites, no skill required, maximum damage.
Can you really exploit this without any credentials?
Yes. That's what makes it devastating. Find any n8n instance with webhooks enabled (which is most deployments), send a crafted POST request with content-type confusion, execute arbitrary code. No login, no auth token, no user interaction. One HTTP request = full server compromise. This is as bad as it gets.
How do I check if my n8n instance is vulnerable?
Check your version: n8n --version or npm list n8n. Vulnerable: 1.65.0 through 1.120.4. Safe: 1.121.0 or higher. If you're on vulnerable version, patch IMMEDIATELY - this is internet-scannable and trivial to exploit. Don't wait for maintenance window.
Are there known exploits in the wild?
Yes. Multiple security firms (Orca, Upwind, Horizon3) published PoC code. Expect mass exploitation within days of disclosure. If you're running vulnerable n8n, assume you're already being scanned. Patch before reading the rest of this article.
What makes this valuable for bug bounty hunters?
Two angles: 1) Find vulnerable n8n instances in bug bounty programs (high-severity finding, $5k-20k typical), 2) Look for similar content-type confusion patterns in other webhook handlers (broader vulnerability class). This is a template for finding critical bugs in automation platforms.
What tools do I need to test for this vulnerability?
Burp Suite Professional for webhook testing and request manipulation. Postman for crafting content-type payloads. For practice: set up vulnerable n8n instance locally (version 1.120.0), enable webhooks, practice exploitation. NEVER test on production systems you don't own.
Which is more dangerous: CVE-2026-21858 or CVE-2026-25049?
CVE-2026-21858 (this one) is more dangerous. No authentication required = anyone can exploit it. CVE-2026-25049 requires authenticated access first (still critical, but one more barrier). If choosing which to patch first: 21858 wins. But honestly, patch both immediately.
Key Takeaways
- CVSS 10.0 is rare: CVE-2026-21858 represents a perfect storm of critical factors - treat this with maximum urgency
- Content-type confusion is common: This vulnerability class exists across thousands of applications - learn the pattern
- Workflow platforms are high-value targets: They have privileged access to your entire stack
- Update immediately: If you're running n8n < 1.121.0, you're vulnerable right now
- Defense in depth matters: Network segmentation and IMDSv2 would have limited impact even if exploited
For Bug Hunters:
- Test every webhook and file upload endpoint for content-type confusion
- Chain vulnerabilities: file read → credential theft → RCE
- Focus on workflow automation platforms in your bug bounty targets
- Document exploitation chains thoroughly for maximum bounty payouts
For DevSecOps Teams:
- Audit all workflow automation and webhook handlers immediately
- Implement strict content-type validation at business logic layer
- Enable IMDSv2 and disable IMDSv1 across all cloud infrastructure
- Rotate credentials if you suspect any exposure
Remember: This vulnerability demonstrates why cloud security isn't just about firewalls and IAM policies. Application-level vulnerabilities can bypass all your infrastructure security. Stay vigilant, test thoroughly, and never trust content-type headers. 🎯
✅ Action Items:
- Check if you're running affected n8n versions (1.65.0 - 1.120.4)
- Update to 1.121.0+ immediately
- Review webhook logs for suspicious activity
- Rotate all credentials accessible from n8n environment
- Implement content-type validation in your own applications