CVE-2026-21858 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-21858 PUBLISHED CVSS 10 CRITICAL

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

EPSS 7.69% · 91.8th percentile

Risk Scores

CVSS v3.1

10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Score

7.69%

91.8th percentile

Affected Products

Vendor	Product	Versions
n8n-io	n8n	>= 1.65.0, < 1.121.0
n8n	n8n	1.65.0
npm	n8n	1.65.0

Timeline

Jan 7, 2026 CVE Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published
Jan 7, 2026 PoC Published

References

Open in Interactive Console →