
CVE-2026-21858 aka Ni8mare: Critical Unauthenticated Remote Code Execution Vulnerability in n8n Platform

ID: a6c0d0c4-c0b2-560b-b5ed-e6365192bed6

STIX ID: report--a6c0d0c4-c0b2-560b-b5ed-e6365192bed6

Feed Name: SOC Prime Blog

Threat Score: 85/100

Date Published: 2026-01-09

Date Updated: 2026-04-30

Author: Daryna Olyniychuk


Ni8mare (CVE-2026-21858) is a critical (CVSS 10.0) unauthenticated vulnerability in n8n’s webhook/form parsing. It allows attackers to overwrite the req.body.files object and cause the application to copy arbitrary local files into persistent storage. This enables sensitive data exposure, workflow manipulation, credential compromise, and, in some configurations, full instance compromise. The flaw affects n8n versions up to and including 1.65.0 and was fixed in 1.121.0 (released 2025-11-18). Censys reports roughly 26,500 internet-accessible n8n hosts, increasing the potential attack surface. No official workaround exists other than restricting public endpoints until patching.
