Max severity Ni8mare flaw impacts nearly 60,000 n8n instances

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed “Ni8mare.”

n8n is an open-source workflow automation platform that allows users to connect different applications and services via pre-built connectors and a visual, node-based interface to automate repetitive tasks without writing code.

The automation platform is widely used in AI development to automate data ingestion and build AI agents and RAG pipelines. It has over 100 million pulls on Docker Hub and over 50,000 weekly downloads on npm.

Since n8n serves as a central automation hub, it often stores API keys, OAuth tokens, database credentials, cloud storage access, CI/CD secrets, and business data, making it an attractive target for threat actors.

Tracked as CVE-2026-21858, the flaw stems from an improper input validation weakness that lets remote, unauthenticated attackers take control of locally deployed n8n instances after gaining access to files on the underlying server.

“A vulnerable workflow could grant access to an unauthenticated remote attacker. This could potentially result in exposure of information stored on the system and may enable further compromise depending on deployment configuration and workflow usage,” the n8n team explained.

“An n8n instance is potentially vulnerable if it has an active workflow with a Form Submission trigger accepting a file element, and a Form Ending node returning a binary file.”

Cyera researchers, who discovered Ni8mare and reported it to n8n in early November, said that the vulnerability is a content-type confusion in how n8n parses data, which can be exploited to expose secrets stored on the instance, forge session cookies to bypass authentication, inject sensitive files into workflows, or even execute arbitrary commands.

Over the weekend, the Internet security watchdog group Shadowserver found 105,753 unpatched instances exposed online, with 59,558 still exposed on Sunday, including more than 28,000 IPs in the United States and over 21,000 in Europe.

Vulnerable n8n instances exposed online (Shadowserver)

To block potential attacks, admins are advised to upgrade their n8n instances to version 1.121.0 or later as soon as possible.

While n8n developers said that there is no official workaround available for Ni8mare, admins who can’t immediately upgrade may be able to block potential attacks by restricting or disabling publicly accessible webhook and form endpoints.

The n8n team also provides this workflow template for admins who want to scan their instances for potentially vulnerable workflows.
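For admins who would rather run the check offline against workflow JSON exported from an instance, the following is an added example that looks for the pattern the n8n team describes (an active workflow with a Form Submission trigger accepting a file element and a Form Ending node returning a binary file); it is not the n8n template or code from the article, and the node type strings, parameter keys and the sample export are assumptions about n8n's export format, constructed here.

```python
import json

# Assumed n8n node type identifiers and parameter keys (not taken from the article).
FORM_TRIGGER = "n8n-nodes-base.formTrigger"
FORM_NODE = "n8n-nodes-base.form"

def _form_fields(node):
    """Field definitions of a Form Trigger node (assumed export layout)."""
    return node.get("parameters", {}).get("formFields", {}).get("values", [])

def accepts_file_upload(node):
    """Form Trigger whose form includes at least one file-upload field."""
    return node.get("type") == FORM_TRIGGER and any(
        f.get("fieldType") == "file" for f in _form_fields(node))

def returns_binary(node):
    """Form node in completion ('Form Ending') mode that returns a binary file."""
    p = node.get("parameters", {})
    return (node.get("type") == FORM_NODE and p.get("operation") == "completion"
            and p.get("respondWith") == "returnBinary")

def audit_workflow(workflow):
    """Why an active workflow matches the advisory's pattern; {} if it does not."""
    nodes = workflow.get("nodes", [])
    uploads = [n.get("name") for n in nodes if accepts_file_upload(n)]
    endings = [n.get("name") for n in nodes if returns_binary(n)]
    if workflow.get("active") and uploads and endings:
        return {"workflow": workflow.get("name"), "file_inputs": uploads,
                "binary_endings": endings}
    return {}

def audit_export(workflows):
    """Audit every workflow in an export, keeping only the matches."""
    return [hit for hit in map(audit_workflow, workflows) if hit]

# Constructed sample export: one matching workflow, one text-only form.
SAMPLE_EXPORT = json.loads("""[
 {"name": "Upload and return", "active": true, "nodes": [
  {"name": "On form submission", "type": "n8n-nodes-base.formTrigger",
   "parameters": {"formFields": {"values": [{"fieldLabel": "Doc", "fieldType": "file"}]}}},
  {"name": "Form Ending", "type": "n8n-nodes-base.form",
   "parameters": {"operation": "completion", "respondWith": "returnBinary"}}]},
 {"name": "Text only", "active": true, "nodes": [
  {"name": "On form submission", "type": "n8n-nodes-base.formTrigger",
   "parameters": {"formFields": {"values": [{"fieldLabel": "Email", "fieldType": "email"}]}}},
  {"name": "Form Ending", "type": "n8n-nodes-base.form",
   "parameters": {"operation": "completion", "respondWith": "text"}}]}]""")
```

A matching workflow is only a candidate for review; the fix named in the article is upgrading to 1.121.0 or later.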
