VDB
WID-SEC-W-2026-0040
WID-SEC-W-2026-0040
PUBLISHED
n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden können, um Aufgaben zu automatisieren.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n8n n8n 1.121.0 | ||
| n8n n8n <2.2.2 | ||
| n8n n8n 2.2.2 | ||
| n8n n8n <1.121.0 | ||
| n8n n8n 1.20.4 | ||
| n8n n8n <1.20.4 |
Exploit Intelligence
- https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0040.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0040 (circl)
- https://github.com/advisories/GHSA-v4pr-fm98-w9pg (circl)
- https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858 (circl)
- https://github.com/advisories/GHSA-jf52-3f2h-h9j5 (circl)
- https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp (circl)
- https://github.com/Chocapikk/CVE-2026-21858 (circl)
Timeline
- Jan 7, 2026 CVE Published
- Jan 8, 2026 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0040.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0040 advisory
- https://github.com/advisories/GHSA-v4pr-fm98-w9pg url
- https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858 url
- https://github.com/advisories/GHSA-jf52-3f2h-h9j5 url
- https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp url
- https://github.com/Chocapikk/CVE-2026-21858 url