Ni8mare: How Two n8n CVEs Chain Into a CVSS 10.0 Unauthenticated Root RCE

Author: Emmanuel Secretaria

Published Jan 8, 2026

Ni8mare is a critical full-chain exploit affecting the n8n automation platform, combining CVE-2026-21858 and CVE-2025-68613 into a devastating attack path. What begins as an unauthenticated arbitrary file read escalates into forged admin access, a sandbox escape, and ultimately root-level remote code execution. With a CVSS score of 10.0, this vulnerability chain demonstrates how minor trust assumptions, when combined, can lead to complete system compromise. Any exposed self-hosted n8n instance must be patched immediately.


The open‑source workflow automation platform n8n - widely adopted for no‑code and low‑code automation - has been hit by a maximum‑severity security incident. Two vulnerabilities, when chained together, allow an attacker to move from unauthenticated access to full root‑level Remote Code Execution (RCE).

This exploit chain has been dubbed Ni8mare by security researchers.


Overview

  • CVE‑2026‑21858 - Unauthenticated Arbitrary File Read via Content‑Type Confusion (CVSS 10.0)
  • CVE‑2025‑68613 - Authenticated Expression Injection Sandbox Bypass leading to RCE (CVSS 9.9)

Individually dangerous, these vulnerabilities become catastrophic when chained, enabling total system compromise.


CVE‑2026‑21858 - Arbitrary File Read (Unauthenticated)

This vulnerability stems from improper validation of the Content‑Type header in n8n’s HTTP request handling.

How the flaw works

  1. n8n routes requests based on the declared Content‑Type.
  2. A logic flaw allows crafted requests to bypass intended parsing rules.
  3. The file‑handling mechanism can be triggered unexpectedly.
  4. Attackers gain arbitrary file read access without authentication.

Impacted files commonly targeted

  • /proc/self/environ - reveals runtime environment variables
  • $HOME/.n8n/config - contains encryption secrets
  • $HOME/.n8n/database.sqlite - stores credentials and workflow data

With these files, attackers can extract encryption keys and session secrets, enabling authentication bypass.


Forging Admin Access

Using stolen secrets and database content, attackers can:

  • Reconstruct valid JWT session tokens
  • Forge an administrator session
  • Gain full authenticated access without knowing any credentials

At this point, the attacker controls the n8n instance.


CVE‑2025‑68613 - Expression Injection → RCE

n8n workflows support JavaScript‑like expressions executed in a sandboxed environment. CVE‑2025‑68613 exposes a sandbox escape.

The issue

  • User‑controlled expressions are evaluated with insufficient isolation
  • Dangerous Node.js internals remain reachable
  • Arbitrary system commands can be executed

Example abuse pattern:

this.process.mainModule
  .require("child_process")
  .execSync("id")

This turns workflow configuration into a remote command execution vector.


The Full Ni8mare Exploit Chain

1. Exploit CVE‑2026‑21858 to read arbitrary files
2. Extract encryption keys and database
3. Forge a valid admin JWT token
4. Log in as administrator
5. Create or modify a malicious workflow
6. Exploit CVE‑2025‑68613 to bypass sandbox
7. Execute arbitrary commands
8. Achieve root‑level RCE

✔ No authentication required initially
✔ Full privilege escalation
✔ Complete system compromise


Affected Versions

  • CVE‑2026‑21858: n8n versions ≤ 1.65.0
  • CVE‑2025‑68613: older releases prior to patched builds

Self‑hosted deployments exposed to the internet are most at risk.


Mitigation & Defense

Immediate actions

  • Upgrade n8n immediately to a patched release
  • Rotate encryption keys and credentials
  • Audit workflows for suspicious expressions

Hardening recommendations

  • Restrict public access to n8n endpoints
  • Use reverse proxies or WAFs
  • Avoid running n8n as root
  • Monitor logs for abnormal workflow execution
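As an added defensive example (not code from the original article or from the n8n project), the following script audits an exported n8n workflow for expressions that reach Node.js internals in the way the abuse pattern above does. It assumes n8n's export layout where each node has a `parameters` object and expression parameters are strings beginning with `=` that carry `{{ ... }}`; the sample workflow is constructed.

```python
import json
import re

# Indicators drawn from the abuse pattern shown in this article: expression
# text that reaches Node.js internals from inside the n8n expression sandbox.
SUSPICIOUS_PATTERNS = [
    r"process\.mainModule",
    r"\.require\s*\(",
    r"child_process",
    r"execSync\s*\(",
]

def is_expression(value):
    """Assumption: n8n stores expression parameters as strings that start
    with '=' and hold the expression inside {{ ... }} markers."""
    return isinstance(value, str) and value.startswith("=") and "{{" in value

def walk(obj, path=""):
    """Yield (json_path, string_value) for every string in a JSON subtree."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            yield from walk(val, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for idx, val in enumerate(obj):
            yield from walk(val, f"{path}[{idx}]")
    elif isinstance(obj, str):
        yield path, obj

def audit_workflow(workflow):
    """Return findings as (node name, parameter path, matched pattern)."""
    findings = []
    for node in workflow.get("nodes", []):
        for path, value in walk(node.get("parameters", {})):
            if not is_expression(value):
                continue
            for pattern in SUSPICIOUS_PATTERNS:
                if re.search(pattern, value):
                    findings.append((node.get("name", "?"), path, pattern))
    return findings

# Constructed sample export: one benign expression, one reaching child_process.
SAMPLE_WORKFLOW = json.loads("""{
  "nodes": [
    {"name": "Set", "parameters": {"values": {"string": [
      {"name": "greeting", "value": "=Hello {{ $json.user }}"}]}}},
    {"name": "Set2", "parameters": {"values": {"string": [
      {"name": "x", "value": "={{ this.process.mainModule.require('child_process').execSync('id') }}"}]}}}
  ]
}""")

if __name__ == "__main__":
    for name, path, pattern in audit_workflow(SAMPLE_WORKFLOW):
        print(f"[!] node={name} param={path} matched={pattern}")
```

Run it against each workflow exported from the instance (or the `workflow_entity` rows of the database) as part of the post-patch audit, then review every flagged node by hand.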

Lessons Learned

Ni8mare highlights a critical security truth:

Modern platforms fail not only from single bugs, but from chains of small assumptions.

  • Input validation failures
  • Secret exposure
  • Token trust
  • Sandbox escape

Together, they form a worst‑case scenario.


This article is intended for defensive security awareness and responsible disclosure education.