Critical RCE Flaw Allows Full Takeover of N8n AI Workflow Platform

CSO Online • January 7, 2026

Companies Mentioned: n8n, Cyera, Google (GOOG), OpenAI, Salesforce (CRM)

Why It Matters

A compromised n8n instance gives threat actors access to every integrated service and credential, turning a single automation server into a high‑value single point of failure for enterprises.

Key Takeaways

  • Unauthenticated RCE in n8n via malformed Content-Type
  • CVE-2026-21858 rated 10.0, allows file read and overwrite
  • Attackers can reconstruct admin session cookies from config files
  • Patch released in n8n 1.121.0; update immediately
  • n8n serves as central automation hub, amplifying breach impact

Pulse Analysis

The n8n platform has become a backbone for modern enterprises, stitching together APIs, cloud storage, and AI services into seamless workflows. Its flexibility, however, creates a broad attack surface: a single flaw in the formWebhook handler can expose internal files and, by extension, the secrets they contain. The CVE-2026-21858 vulnerability exploits a missing Content-Type check, allowing attackers to submit JSON payloads that masquerade as file uploads, leading to arbitrary file reads and path-traversal writes.

Beyond the immediate file-access risk, the flaw enables credential harvesting that defeats n8n’s authentication model. Session cookies are derived from a secret key and user records stored in plain-text configuration files. Once an adversary extracts these files, they can forge valid admin cookies, gain full control of the workflow engine, and invoke the Execute Command node to run arbitrary OS commands. This chain effectively turns n8n into a remote shell, compromising any downstream systems that rely on its integrations, from Salesforce and Google Drive to payment processors and CI/CD pipelines.

For organizations, the lesson is twofold. First, maintain a rigorous patch cadence; the silent release of version 1.121.0 illustrates that critical fixes may not be announced promptly. Second, treat automation platforms as privileged assets, enforcing network segmentation, least‑privilege API keys, and regular secret rotation. By hardening the surrounding environment and monitoring for anomalous webhook traffic, firms can mitigate the outsized blast radius that a single compromised n8n instance now presents.
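One way to implement the webhook monitoring the analysis recommends, as an added example that is not from the article or the n8n project: it scans constructed reverse-proxy log lines and flags POSTs to the form endpoint whose Content-Type is not multipart/form-data (a JSON body posing as a file upload), or whose submitted filenames carry a path-traversal sequence. The JSON log format, its field names and the /form/ URL prefix are assumptions.

```python
import json
import re
from urllib.parse import unquote

FORM_PREFIX = "/form/"               # assumed n8n form-trigger URL prefix
EXPECTED_CT = "multipart/form-data"  # what a genuine browser file upload sends
# "../" or "..\" at the start, middle or end of a path
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Constructed reverse-proxy log lines (one JSON object per line), not real traffic.
# "filenames" is assumed to be the proxy's record of multipart upload filenames.
SAMPLE_LOG = """
{"src":"203.0.113.10","method":"POST","path":"/form/contact","ct":"multipart/form-data; boundary=abc","status":200}
{"src":"203.0.113.11","method":"POST","path":"/form/contact","ct":"application/json","status":200}
{"src":"203.0.113.12","method":"POST","path":"/form/contact","ct":"multipart/form-data; boundary=x","status":200,"filenames":["..%2F..%2Fconfig"]}
{"src":"203.0.113.13","method":"GET","path":"/form/contact","ct":"","status":200}
{"src":"203.0.113.14","method":"POST","path":"/webhook/other","ct":"application/json","status":200}
"""


def analyze(line: str) -> list[str]:
    """Return the findings for one log line (empty list if nothing is suspicious)."""
    rec = json.loads(line)
    findings: list[str] = []
    if rec["method"] != "POST" or not rec["path"].startswith(FORM_PREFIX):
        return findings                       # only form submissions are in scope
    media_type = rec.get("ct", "").split(";")[0].strip().lower()
    if media_type != EXPECTED_CT:             # JSON (or nothing) posing as a form upload
        findings.append(f"content-type mismatch: {media_type or '<none>'}")
    for name in rec.get("filenames", []):
        if TRAVERSAL.search(unquote(name)):   # decode once so ..%2F is caught too
            findings.append(f"traversal sequence in filename: {name}")
    return findings


def scan(log: str) -> dict[str, list[str]]:
    """Group findings by source address across a whole log."""
    alerts: dict[str, list[str]] = {}
    for line in log.strip().splitlines():
        hits = analyze(line)
        if hits:
            alerts.setdefault(json.loads(line)["src"], []).extend(hits)
    return alerts


if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG).items():
        print(src, "->", "; ".join(hits))
```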
