VDB

CVE-2026-21858

CVE-2026-21858 PUBLISHED CVSS 10 CRITICAL

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

EPSS 5.90% · 90.8th percentile

Risk Scores

CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score
5.90%
90.8th percentile

Affected Products

VendorProductVersions
n8n-ion8n>= 1.65.0, < 1.121.0
n8nn8n1.65.0
npmn8n1.65.0

Timeline

  • Jan 7, 2026 CVE Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
  • Jan 7, 2026 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›