New Vulnerability in n8n_SCHNEIER:21BEBBEB90825298BAA2BA42ADD662DF

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

This isn't good:

> We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability.

Three technical links and two news links.

Visit Original Source

Basic Information

ID SCHNEIER:21BEBBEB90825298BAA2BA42ADD662DF

Published Jan 15, 2026 at 12:05

Modified Jan 14, 2026 at 19:57

{
    "lastseen": "2026-01-15T14:05:07",
    "description": "This isn't good:\n\n> We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability.\n\nThree technical links and two news links.",
    "published": "2026-01-15T12:05:04",
    "modified": "2026-01-14T19:57:21",
    "type": "schneier",
    "title": "New Vulnerability in n8n",
    "source": "",
    "references": "",
    "id": "SCHNEIER:21BEBBEB90825298BAA2BA42ADD662DF",
    "bulletinFamily": "blog",
    "cwe": null,
    "cvelist": [
        "CVE-2026-21858"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://www.schneier.com/blog/archives/2026/01/new-vulnerability-in-n8n.html",
    "category_name": "News",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply