n8n has quickly grown into one of the most popular open-source workflow automation tools, powering integrations for individuals, startups, and enterprises alike. But sometimes popularity comes with a price. In March 2026, a high-impact vulnerability—tracked as CVE-2026-21858—was disclosed, exposing users’ sensitive files to remote attackers thanks to a misconfiguration in workflow execution. In this deep dive, we’ll explore what happened, why it’s dangerous, how exploits work, and—in simple steps—how to fix and secure your instance.
What is n8n?
For anyone new: n8n lets you automate tasks by connecting your favorite apps (like Google Sheets, Slack, and hundreds more). You can run automations on your own server or in the cloud, meaning you’re in control. But with that power comes responsibility.
- Fixed in: v1.121
- CVE Summary: A malicious workflow (with specifically crafted form inputs) could let unauthenticated attackers read files from the n8n server's file system, potentially leaking environment configs, credentials, or other secrets.
- Attackers do not need an account or prior access. If your workflows process data submitted through forms (especially public ones), you could be at risk.
- Impact: lets attackers read any file that the n8n process user can access.
- Depending on what is read, follow-on attacks could target your infrastructure, database, or connected third-party services.
Technical Details & Exploit Example
The vulnerability relates to insufficient validation of user-supplied paths in certain form nodes. For instance, when a workflow step reads a file based on form input, a user could supply a malicious path like ../../../../etc/passwd and fetch sensitive files, because the value is never sanitized.
Suppose you have an insecure workflow step like this:
// Vulnerable n8n workflow step (pseudocode, kept deliberately unsafe to show the bug)
const fs = require('fs');
const userInput = getNodeParameter('filepath'); // Collected from a public form widget, used as-is
const fileContent = fs.readFileSync(userInput, 'utf8'); // No allowlist, no containment check
return fileContent;
If your form does not sanitize filepath, an attacker submits:
../../../../etc/passwd
and gets back your system's password file (or any other file readable on the host where n8n runs).
If you published a workflow for user uploads or fetching, like this:
{
  "nodes": [
    {
      "parameters": {
        "operation": "read",
        "filePath": "={{ $json[\"filename\"] }}"
      },
      "name": "Read File",
      "type": "n8n-nodes-base.fs",
      "typeVersion": 1
    }
  ]
}
and allowed "filename" to come from user input, an attacker could supply any path, not just the safe, whitelisted files you intended.
Say your workflow exposes an HTTP endpoint:
POST /webhook/YOUR-ID
Content-Type: application/json
{
"filename": "../../../../etc/passwd"
}
If not fixed or filtered, this would return the contents of /etc/passwd.
Affected versions: n8n 1.65 through 1.120.1 (every release before 1.121).
Default n8n deployments are often at extra risk—especially in self-hosted or Docker setups with sensitive environment files.
1. Update n8n now!
The maintainers released a patch in version 1.121. Upgrade as soon as possible.
# For Docker
docker pull n8nio/n8n:latest
docker-compose up -d
# For npm/yarn installs
npm install n8n@latest
See the n8n upgrade guide.
2. Harden Workflows
- Never trust user input for file paths. Only allow pre-set or whitelisted filenames or directories.
References
- n8n Security Changelog
- CVE-2026-21858 NVD Entry (pending)
- Upgrade Docs
Conclusion
CVE-2026-21858 is a wake-up call: powerful no-code tools are as vulnerable to oversights as any codebase. If you’re running n8n with public input or user-facing automations, patch your instance and audit workflows today. Don’t just rely on defaults—security is a shared responsibility in the automation age.
Found this useful? Spread the word and keep your automations safe!
Timeline
Published on: 01/07/2026 23:57:52 UTC
Last modified on: 01/16/2026 19:31:34 UTC