Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21858
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
Source: NVD (National Vulnerability Database)
Vulnerability Description
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
n8n 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.121.0之前版本存在输入验证错误漏洞,该漏洞源于攻击者可通过执行基于表单的工作流访问底层服务器文件,可能导致敏感信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
n8n-ion8n >= 1.65.0, < 1.121.0 -
II. Public POCs for CVE-2026-21858
#POC DescriptionSource LinkShenlong Link
1n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-21858.yamlPOC Details
2A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform.https://github.com/eduardorossi84/CVE-2026-21858-POCPOC Details
3n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)https://github.com/Chocapikk/CVE-2026-21858POC Details
4CVE-2026-21858https://github.com/Ashwesker/Ashwesker-CVE-2026-21858POC Details
5Comprehensive vulnerability detection tool for n8n workflow automation instances. Detects the critical CVE-2026-21858 vulnerability (CVSS 10.0) without performing any exploitation.https://github.com/cropnet/ni8mare-scannerPOC Details
6SASTRA-ADI-WIGUNA-CVE-2026-21858-Holistic-Audithttps://github.com/sastraadiwiguna-purpleeliteteaming/SASTRA-ADI-WIGUNA-CVE-2026-21858-Holistic-AuditPOC Details
7Comprehensive vulnerability detection tool for n8n workflow automation instances. Detects the critical CVE-2026-21858 vulnerability (CVSS 10.0) without performing any exploitation.https://github.com/cropnet/Ni8marePOC Details
8Nonehttps://github.com/sec-dojo-com/CVE-2026-21858POC Details
9Proof of Concept: CVE-2026-21858 is vulnerability on n8n where unauthenticated remote attackers can access sensitive files.https://github.com/SystemVll/CVE-2026-21858POC Details
10CVE-2026-21858https://github.com/bgarz929/Ashwesker-CVE-2026-21858POC Details
11Hackhttps://github.com/Alhakim88/CVE-2026-21858POC Details
12Nonehttps://github.com/EQSTLab/CVE-2026-21858POC Details
13CVE-2026-21858https://github.com/zaryouhashraf/CVE-2026-21858POC Details
14Nonehttps://github.com/bamov970/CVE-2026-21858POC Details
15https://github.com/vulhub/vulhub/blob/master/n8n/CVE-2026-21858/README.mdPOC Details
16Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/n8n%20Content-Type%20%E6%B7%B7%E6%B7%86%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E8%87%B3%20RCE%20%E6%BC%8F%E6%B4%9E%20CVE-2026-21858.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2026-21858
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n8n
Same vendor: n8n-io
Same weakness: CWE-20
V. Comments for CVE-2026-21858

No comments yet

Leave a comment