Vulnetix
Try Vulnetix Request Demo
GCVE-VVD-ACSC-2026-0002
Advisory Published
Vulnetix · Advisory published January 8, 2026
A critical unauthenticated Remote Code Execution (RCE) vulnerability affecting n8n workflow automation platform has been observed. The critical vulnerability, tracked as CVE-2026-21858, allows unauthenticated threat actors to access sensitive files on the underlying server through execution of certain form-based workflows leading to RCE. This vulnerability is assessed as CVSS 10.0.
Download JSON Open in Console

Aliases

CVE-2026-21858

Transitive aliases

GHSA-v98v-ff95-f3cpGHSA-jf52-3f2h-h9j5VVD-CESS-2026-21894EUVD-2026-8761NCSC-2026-0002VVD-NCSC-2026-2VVD-CESS-2026-21858GHSA-v4pr-fm98-w9pgVVD-ANCHORE-2025-68613VVD-CESS-2025-68613VVD-CESS-2026-27577BDU:2026-00126BDU:2025-16183EUVD-2025-204618CVE-2026-27577VVD-ANCHORE-2026-21894GHSA-vpcf-gvg4-6qwrWID-SEC-W-2026-0040CVE-2025-68613VVD-ANCHORE-2026-27577VVD-ANCHORE-2026-21858CVE-2026-21894

References

CRITICAL ALERT: Critical Unauthenticated Remote Code Execution vulnerability in n8n workflow automation platform
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON