n8n AI workflow platform hit by CVSS 10.0 RCE vulnerability
Jan 2026
The popular AI workflow automation platform n8n disclosed a maximum-severity vulnerability (CVE-2026-21858) allowing unauthenticated remote code execution on self-hosted instances. With over 25,000 n8n hosts exposed to the internet, the flaw enabled attackers to access sensitive files, forge admin sessions, and execute arbitrary commands. This followed two other critical RCE flaws patched in the same period, highlighting systemic security issues in AI automation platforms.
Incident Details
Perpetrator: Platform Operator
Severity: Catastrophic
Blast Radius: 25,000+ internet-exposed n8n instances vulnerable to full system compromise; arbitrary file access, authentication bypass, and command execution possible without authentication.
Tech Stack
n8n, AI workflow automation, Webhooks, Node.js