CVE-2026-21858: n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

January 7, 2026 (updated January 13, 2026)

A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage.

References

github.com/advisories/GHSA-v4pr-fm98-w9pg
github.com/n8n-io/n8n
github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg
nvd.nist.gov/vuln/detail/CVE-2026-21858
www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

Code Behaviors & Features

Detect and mitigate CVE-2026-21858 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →