Headline
n8n Users Urged to Patch CVSS 10.0 Full System Takeover Vulnerability
A critical vulnerability (CVE-2026-21877) found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution.
If your company uses n8n to handle daily tasks, it is time to check your version number. A major security flaw has been found in the platform, and it’s about as serious as it gets. The firm Upwind recently put out an analysis on this problem, which is a “critical authenticated remote code execution vulnerability.”
In simple words, it means that if a hacker gets in, they could take over the whole system. For your information, n8n is a “glue” that connects different apps and databases. Because it sits in the middle of all that data, a security gap here is a massive deal.
****What went wrong?****
This flaw is officially named CVE-2026-21877 and carries a 10.0 severity score, which is the highest possible danger rating. The technical side of things comes down to an arbitrary file write condition. What happens is that the software lets someone save a file in a place they shouldn’t be allowed to touch. According to researchers, this happens because the system doesn’t properly double-check “untrusted input” before it starts processing data.
Security researcher Théo Lelasseux, who found the bug, noted that while a person needs a valid login to pull this off, once they are inside, they can cause “untrusted code to be executed by the n8n service.” As we know it, these systems can provide access to internal systems, credentials, and sensitive data, so an intruder could do a lot of damage very quickly.
****How to stay safe****
The research into this flaw was shared with Hackread.com. It turns out a huge range of versions are at risk, specifically 0.123.0 all the way up to 1.121.3. It doesn’t matter if you run the software on your own office servers or use a managed cloud version; you are likely affected.
The fix is simple but urgent; you need to update to version 1.121.3 or higher right now to fully address the vulnerability. It is worth noting that there haven’t been reports of hackers using this yet, but you shouldn’t wait to find out. Besides updating, experts suggest disabling the Git node and making sure only your top-level admins have the right to change how your workflows function.
Related news
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. "Under certain conditions, an authenticated user may be able to cause untrusted code to be
### Impact n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud instances are impacted. ### Patches The issue has been resolved in n8n version 1.121.3. Users are advised to upgrade to this version or later to fully address the vulnerability. ### Workarounds If upgrading is not immediately possible, administrators can reduce exposure by disabling the Git node and limiting access for untrusted users. ### References - n8n documentation: [Blocking access to nodes](https://docs.n8n.io/hosting/securing/blocking-nodes/)