We discovered a critical vulnerability (CVE‑2026‑21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability.

Relevant links:

• Cyera research‑lab write‑up

• n8n community advisory

• The Hacker News article

• Schneier blog post

• NVD entry

• Cybersecurity Dive coverage

• BleepingComputer report