CVE-2026-21858 is a CVSS 10.0 unauthenticated Remote Code Execution vulnerability in n8n, a popular workflow automation platform. The flaw resides in the Form Webhook node, where a Content-Type confusion bug lets an attacker submit crafted JSON to a form endpoint and override internal file references. Exploitation can lead to arbitrary file reads, extraction of secrets and databases, session forgery, and full OS command execution — all without authentication. An estimated 100,000 self-hosted servers may be exposed globally. Affected users should upgrade to a fixed release (the advisory lists n8n 1.121.0 and 1.121.3), restrict internet exposure of Forms and Webhooks, require authentication for all Forms, and rotate stored credentials. The vulnerability was discovered and responsibly disclosed by Cyera Research Labs.
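The advisory describes the bug as a Content-Type confusion in the Form Webhook node triggered by crafted JSON, and recommends limiting internet exposure of Forms and Webhooks. The following script is an added example (not n8n's code and not from the advisory) that sweeps a reverse-proxy access log for the two signals those statements suggest: a JSON body posted to a Form endpoint, and Form/Webhook traffic from outside trusted source ranges. It assumes a hypothetical JSON-lines log format that records the request's Content-Type (nginx can expose it via `$content_type`), that Form Trigger URLs sit under `/form/` and `/form-test/` and webhooks under `/webhook/` and `/webhook-test/` (n8n's default prefixes; adjust if your deployment differs), and that legitimate browser form submissions arrive as multipart/form-data or application/x-www-form-urlencoded rather than JSON. The sample log lines are constructed for this example.

```python
"""Flag suspicious traffic to n8n Form/Webhook endpoints in a reverse-proxy access log.

Added example, not n8n's own code. Assumptions:
  * the proxy writes one JSON object per line with ts, src, method, path,
    content_type, status (a hypothetical custom log format)
  * Form Trigger URLs live under /form/ and /form-test/, webhooks under
    /webhook/ and /webhook-test/ (n8n defaults; edit the regexes if yours differ)
  * legitimate form posts use multipart/form-data or
    application/x-www-form-urlencoded, so a JSON body at a form URL is anomalous
"""
import ipaddress
import json
import re
from typing import Iterable

FORM_PATH_RE = re.compile(r"^/form(?:-test)?/")
WEBHOOK_PATH_RE = re.compile(r"^/webhook(?:-test)?/")

# Source ranges from which form/webhook traffic is expected (constructed; edit for your network).
TRUSTED_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample log: six requests written for this example.
SAMPLE_LOG = """\
{"ts": "2026-01-14T10:02:11Z", "src": "10.20.0.5", "method": "POST", "path": "/form/onboarding", "content_type": "multipart/form-data; boundary=----abc", "status": 200}
{"ts": "2026-01-14T10:02:40Z", "src": "203.0.113.7", "method": "POST", "path": "/form/onboarding", "content_type": "application/json", "status": 200}
{"ts": "2026-01-14T10:02:41Z", "src": "203.0.113.7", "method": "GET", "path": "/form/onboarding", "content_type": "", "status": 200}
{"ts": "2026-01-14T10:03:05Z", "src": "10.20.0.9", "method": "POST", "path": "/rest/login", "content_type": "application/json", "status": 200}
{"ts": "2026-01-14T10:03:30Z", "src": "10.20.0.9", "method": "POST", "path": "/webhook/ci-hook", "content_type": "application/json", "status": 200}
{"ts": "2026-01-14T10:04:12Z", "src": "198.51.100.23", "method": "POST", "path": "/form-test/lead", "content_type": "Application/JSON; charset=utf-8", "status": 200}
"""


def media_type(content_type: str) -> str:
    """Lowercase media type without parameters: 'Application/JSON; charset=utf-8' -> 'application/json'."""
    return content_type.split(";", 1)[0].strip().lower()


def is_trusted_source(src: str) -> bool:
    """True when src parses as an IP inside one of TRUSTED_SOURCES."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_SOURCES)


def findings_for(entry: dict) -> list[str]:
    """Reasons a single access-log entry deserves attention; empty list means nothing to flag."""
    reasons: list[str] = []
    path = entry.get("path", "")
    is_form = bool(FORM_PATH_RE.match(path))
    is_webhook = bool(WEBHOOK_PATH_RE.match(path))
    if not (is_form or is_webhook):
        return reasons
    # Content-Type confusion indicator: a JSON body submitted to a Form endpoint.
    # Webhooks legitimately accept JSON, so only form paths are checked here.
    if (
        is_form
        and entry.get("method") == "POST"
        and media_type(entry.get("content_type", "")) == "application/json"
    ):
        reasons.append("json_body_to_form_endpoint")
    # Exposure indicator: any form/webhook traffic from outside the trusted ranges.
    if not is_trusted_source(entry.get("src", "")):
        reasons.append("form_or_webhook_hit_from_untrusted_source")
    return reasons


def analyze(lines: Iterable[str]) -> list[dict]:
    """Run findings_for over JSON-lines log records, skipping blank or malformed lines."""
    results = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a bad line should not abort the whole sweep
        reasons = findings_for(entry)
        if reasons:
            results.append({
                "ts": entry.get("ts"),
                "src": entry.get("src"),
                "path": entry.get("path"),
                "reasons": reasons,
            })
    return results


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f["ts"], f["src"], f["path"], ", ".join(f["reasons"]))
```

On the constructed sample this reports three entries: the two JSON posts to form URLs from 203.0.113.7 and 198.51.100.23 (each also from an untrusted source), and the GET to the same form from 203.0.113.7 (untrusted source only). The internal multipart form submission, the `/rest/login` call and the internal JSON webhook are not flagged. Hits on the first rule are worth correlating with file reads or process launches on the n8n host; hits on the second are a direct measure of how much Form/Webhook surface is internet-reachable, which is the exposure the advisory asks operators to reduce.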