| Reporter | Title | Published | Views | Family All 44 |
|---|---|---|---|---|
| Exploit for Improper Input Validation in N8N | 21 Jan 202615:01 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 11 Feb 202601:01 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 20 Jan 202611:50 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 20 Jan 202615:59 | – | githubexploit | |
| Exploit for CVE-2026-21858 | 12 Jan 202614:32 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 17 Jan 202604:57 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 30 Jan 202622:38 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 9 Apr 202611:09 | – | githubexploit | |
| cve-2026-poc-collection | 21 May 202615:15 | – | githubexploit | |
| Exploit for Improper Input Validation in N8N | 24 Jan 202602:08 | – | githubexploit |
id: CVE-2026-21858
info:
name: n8n Webhooks - Remote Code Execution
author: rxerium
severity: critical
description: |
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
impact: |
Unauthenticated remote attackers can access sensitive files, potentially leading to information disclosure and further system compromise.
remediation: |
Update to version 1.121.0 or later.
reference:
- https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-21858
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
cvss-score: 10.0
cve-id: CVE-2026-21858
epss-score: 0.71647
epss-percentile: 0.99343
cwe-id: CWE-20
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-831756631
tags: cve,cve2026,n8n,workflow,rce,passive,vkev
http:
- method: GET
path:
- "{{BaseURL}}/signin"
extractors:
- type: regex
name: base64_content
group: 1
regex:
- '<meta name="n8n:config:sentry" content="([A-Za-z0-9+/=]+)"'
internal: true
- type: dsl
name: decoded
dsl:
- 'base64_decode(base64_content)'
internal: true
- type: dsl
name: version
dsl:
- 'replace_regex(base64_decode(base64_content), ".*n8n@([0-9]+\\.[0-9]+\\.[0-9]+).*", "$1")'
internal: true
- type: dsl
dsl:
- '"n8n Version: " + version'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>n8n.io"
case-insensitive: true
- type: status
status:
- 200
- type: dsl
name: vulnerable
dsl:
- compare_versions(version, '>= 1.65.0', '< 1.121.0')
# digest: 4a0a0047304502202b441d8f8fb6e4e1e332e4292915364eafede1e4716af68f3889203aa7e5633b022100c338d009c71642b3470ed24f948598ae87d12ba6063cb5e57abebccf7acc6b5b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation