- Nearly 60,000 n8n instances remain vulnerable to Ni8mare CVE-2026-21858 flaw
- Vulnerability allows unauthorized remote server takeover; fixed in version 1.121.0
- Shadowserver found most cases in the US, Europe, Asia; upgrade is defense only
Experts have warned that nearly 60,000 n8n Internet-connected instances are still vulnerable to Ni8mare, a maximum severity bug that was discovered and fixed.
n8n is an open source workflow automation platform that lets users connect apps, APIs and services to automate tasks without heavy coding. It allows users to build visual workflows that move data between tools, trigger actions, and run custom logic.
The Shadowserver Foundation, a nonprofit cybersecurity organization that gathers intelligence and tracks malicious activity across the web, noted how the platform was vulnerable to CVE-2026-21858, a security flaw stemming from an improper input validation weakness. It allows unauthorized attackers to remotely take control of the underlying server and thereby target locally installed n8n instances. The bug was given the maximum severity score – 10/10 and said it plagued versions 1.65.0 and below 1.121.0. It was fixed in version 1.121.0 and nicknamed Ni8mare.
Patches and workarounds
Shadowserver data claims that as of January 11, 2026, there were exactly 59,559 Internet-connected n8n instances vulnerable to Ni8mare, including 28,087 instances in the United States, 21,268 in Europe, and 7,553 in Asia.
The flaw was discovered in early November 2025 by cybersecurity researchers Cyera. Right now, there are no workarounds available, and the only viable way to defend against potential abuse is to upgrade to the latest version. Granted, administrators who cannot upgrade at this time can block attacks by limiting or completely disabling publicly available webhook and form endpoints.
To that end, the n8n team also provided a workflow template for administrators who want to scan their instances.
N8n is a very popular platform, especially with the explosion in AI development. It is generally used to automate data ingestion and build AI agents and reportedly has more than 100 million pulls on Docker Hub and over 50,000 weekly downloads on npm.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
