Lucene search
K

n8n Webhooks - Remote Code Execution

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 30 Views

Critical unauthenticated remote code execution in n8n Webhooks; fixed in 1.121.0.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Improper Input Validation in N8N
21 Jan 202615:01
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
11 Feb 202601:01
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
20 Jan 202611:50
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
20 Jan 202615:59
githubexploit
GithubExploit
Exploit for CVE-2026-21858
12 Jan 202614:32
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
17 Jan 202604:57
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
30 Jan 202622:38
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
9 Apr 202611:09
githubexploit
GithubExploit
cve-2026-poc-collection
21 May 202615:15
githubexploit
GithubExploit
Exploit for Improper Input Validation in N8N
24 Jan 202602:08
githubexploit
Rows per page
id: CVE-2026-21858

info:
  name: n8n Webhooks - Remote Code Execution
  author: rxerium
  severity: critical
  description: |
    n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
  impact: |
    Unauthenticated remote attackers can access sensitive files, potentially leading to information disclosure and further system compromise.
  remediation: |
    Update to version 1.121.0 or later.
  reference:
    - https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html
    - https://nvd.nist.gov/vuln/detail/CVE-2026-21858
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
    cvss-score: 10.0
    cve-id: CVE-2026-21858
    epss-score: 0.71647
    epss-percentile: 0.99343
    cwe-id: CWE-20
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-831756631
  tags: cve,cve2026,n8n,workflow,rce,passive,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/signin"

    extractors:
      - type: regex
        name: base64_content
        group: 1
        regex:
          - '<meta name="n8n:config:sentry" content="([A-Za-z0-9+/=]+)"'
        internal: true

      - type: dsl
        name: decoded
        dsl:
          - 'base64_decode(base64_content)'
        internal: true

      - type: dsl
        name: version
        dsl:
          - 'replace_regex(base64_decode(base64_content), ".*n8n@([0-9]+\\.[0-9]+\\.[0-9]+).*", "$1")'
        internal: true

      - type: dsl
        dsl:
          - '"n8n Version: " + version'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>n8n.io"
        case-insensitive: true

      - type: status
        status:
          - 200

      - type: dsl
        name: vulnerable
        dsl:
          - compare_versions(version, '>= 1.65.0', '< 1.121.0')
# digest: 4a0a0047304502202b441d8f8fb6e4e1e332e4292915364eafede1e4716af68f3889203aa7e5633b022100c338d009c71642b3470ed24f948598ae87d12ba6063cb5e57abebccf7acc6b5b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.110
EPSS0.71647
SSVC
30