
n8n Webhook Vulnerability CVE-2026-21858: Content-Type Trick to Full RCE
A single malformed Content-Type header. That's all it takes to go from zero access to full remote code execution on roughly 100,000 self-hosted n8n servers. CVE-2026-21858 — the n8n webhook vulnerability disclosed on January 7, 2026 — carries a CVSS score of 10.0, the maximum possible severity rating. No authentication required. No user interaction needed. If your n8n instance has a Form Webhook node exposed to the internet, an attacker can read arbitrary files from your server, forge an admin session cookie, and execute any operating system command they want.

Cyera Research Labs discovered the vulnerability and named it "Ni8mare" — a fitting name for what is arguably the worst security flaw in n8n's history. The exploit chain is elegant in the worst possible way: it turns a content parsing oversight into complete server takeover in three HTTP requests.

How the n8n Webhook Vulnerability Exploit Chain Works

The attack exploits how n8n's Form Webhook node processes incoming HTTP requests
Continue reading on Dev.to Webdev



