CVE-2026-21858
Unauthenticated File Access Vulnerability in n8n Workflows
Description
Description
n8n is an open source workflow automation platform. Versions below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| n8n | n8n | 1.121.0 |
| n8n | n8n | 1.65.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me? :
What immediate steps should I take to mitigate this vulnerability?
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2026-01-08
CVE Last Modified Date:
2026-01-08
Report Generation Date:
2026-01-09
AI Powered Q&A Generation:
2026-01-08
EPSS Last Evaluated Date:
N/A
NVD Report Link: