n8n Vulnerabilities (Jan 2026)

Heloise Meyer | Jan. 8, 2026, 10:31 a.m.

Further information on the n8n Vulnerability (CVE-2026-21858, CVE-2026-21877, CVE-2025-68613, CVE-2025-68668)

Max severity Ni8mare flaw lets hackers hijack n8n servers [Bill Toulas, Bleeping Computer]

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions [Ravie Lakshmanan, The Hacker News]

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances [Ravie Lakshmanan, The Hacker News]

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands [Ravie Lakshmanan, The Hacker News]