VDB

GCVE-VVD-NCSC-2026-2

GCVE-VVD-NCSC-2026-2
Advisory PublishedCVSS 10.0/10
Vulnetix · Advisory published January 8, 2026
A vulnerability in n8n versions below 1.121.0 allows unauthorized remote access to sensitive files, which has been addressed in version 1.121.0.
Download JSON Open in Console

Weaknesses (CWE)

CWE-20Improper Input Validation

Risk Scores

CVSS 3.1
10.0/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
n8n-iovers:unknown/*
n8nvers:unknown/*

Aliases

CVE-2026-21858

Transitive aliases

GHSA-v4pr-fm98-w9pgVVD-CESS-2026-21858BDU:2025-16183CVE-2026-27577GHSA-jf52-3f2h-h9j5VVD-ANCHORE-2026-27577NCSC-2026-0002CVE-2025-68613EUVD-2025-204618VVD-CESS-2025-68613VVD-CESS-2026-21894GHSA-vpcf-gvg4-6qwrGHSA-v98v-ff95-f3cpBDU:2026-00126WID-SEC-W-2026-0040VVD-ACSC-2026-0002VVD-ANCHORE-2025-68613VVD-ANCHORE-2026-21894VVD-CESS-2026-27577VVD-ANCHORE-2026-21858CVE-2026-21894EUVD-2026-8761

References

advisory
advisory
advisory
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›