


Perceptive Security
SOC/SIEM Consultancy

Max severity Ni8mare flaw lets hackers hijack n8n servers
Published: 7 January 2026 at 17:41:10
Alert date: 7 January 2026 at 18:02:12
Source: bleepingcomputer.com
Enterprise Applications, Zero-Day Vulnerabilities, Web Technologies
A maximum severity vulnerability dubbed 'Ni8mare' has been discovered in the n8n workflow automation platform. The flaw allows remote, unauthenticated attackers to take complete control of locally deployed n8n instances. Because no authentication is required to hijack a server, it is a critical risk for organizations that use n8n for workflow automation and for the infrastructure those instances run on.
Technical details
The Ni8mare vulnerability is a content-type confusion bug in n8n's data parsing mechanism. When a webhook request is marked as multipart/form-data, n8n uses an upload parser that saves files to random temporary locations. However, by setting a different content type like application/json, attackers can bypass this upload parser while n8n still processes file-related fields without proper validation. This allows attackers to control file metadata including file paths, enabling arbitrary file reading from the server, exposure of secrets, session cookie forgery, and potential remote code execution.
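A simplified model of the content-type confusion described above, with the weak pattern beside a hardened one. This is an added example, not n8n's code and not from the source article; the field names (`files`, `filepath`, `parsedUploads`) and the upload directory are assumptions for illustration.

```javascript
// Added illustration, not n8n source code. All names below are hypothetical.
const path = require("path");

// Assumed directory where the multipart upload parser writes temporary files.
const UPLOAD_DIR = "/tmp/webhook-uploads";

// Weak pattern (the bug class described above): file metadata is read from the
// parsed body without checking which parser produced it, so with a JSON
// content type the "files" field is entirely client-controlled.
function filesFromBodyUnchecked(req) {
  return Object.values((req.body && req.body.files) || {});
}

// Hardened pattern: accept file metadata only when the request really was
// multipart/form-data, take it only from the upload parser's own output
// (req.parsedUploads, set by server code, never by the client), and confirm
// that every path stays inside the upload directory.
function filesFromRequest(req) {
  const header = String(req.headers["content-type"] || "");
  const type = header.split(";")[0].trim().toLowerCase();
  if (type !== "multipart/form-data") return [];
  const accepted = [];
  for (const file of req.parsedUploads || []) {
    if (typeof file.filepath !== "string") continue;
    const resolved = path.posix.resolve(file.filepath);
    if (resolved.startsWith(UPLOAD_DIR + "/")) {
      accepted.push({ name: file.name, filepath: resolved });
    }
  }
  return accepted;
}

// Constructed sample requests (not captured traffic).
const jsonRequest = {
  headers: { "content-type": "application/json" },
  body: { files: { doc: { name: "doc", filepath: "/outside/upload/dir/file" } } },
};
const multipartRequest = {
  headers: { "content-type": "multipart/form-data; boundary=x" },
  parsedUploads: [
    { name: "report.pdf", filepath: "/tmp/webhook-uploads/a1b2c3" },
    { name: "odd", filepath: "/tmp/webhook-uploads/../elsewhere" },
  ],
};
```

The weak function returns the client-supplied entry from the JSON request unchanged, while the hardened one returns nothing for it and keeps only the parser-written file from the multipart request.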
Mitigation steps:
Update to n8n version 1.121.0 or later. According to the n8n developers, no official workaround is available; as a temporary mitigation, restrict or disable publicly accessible webhook and form endpoints.
Affected products:
n8n workflow automation platform - versions prior to 1.121.0
Related links:
https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg
http://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
https://www.npmjs.com/package/n8n?activeTab=versions
https://blog.n8n.io/rag-pipeline/
https://n8n.io/integrations/solve-data/
This article was created with the assistance of AI technology by Perceptive.
