24h | 7d | 30d

CVE-2026-21858

Overview

  • n8n-io
  • n8n
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
Pending
KEV

Description

n8n is an open source workflow automation platform. Versions below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 11 Posts
  • 3 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture
cR0w @cR0w

RE: infosec.exchange/@cR0w/1158494

LMFAO another one. 🥳

github.com/n8n-io/n8n/security

cyera.com/research-labs/ni8mar

cve.org/CVERecord?id=CVE-2026- ( not yet published )

  • 1
  • 1
  • 0
  • 20h ago
Profile picture
Carlos Mogas da Silva @r3pek

Say hello to #Ni8mare, the first named vulnerability of 2026.

cyera.com/research-labs/ni8mar

#cve-2026-21858

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture
/r/netsec @r-netsec-bot.bsky.social
Ni8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)
  • 1
  • 0
  • 3
  • 20h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
A maximum-severity n8n vulnerability (CVE-2026-21858, Ni8mare) enables unauthenticated attackers to extract secrets and fully compromise vulnerable instances.
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Undercode Testing @undercode.bsky.social
Critical n8n Flaw Exposes 100k Servers: Full Takeover via Unauthenticated Access + Video Introduction: A critical vulnerability (CVE-2026-21858, CVSS 10.0) has been uncovered in the popular workflow automation platform n8n, putting an estimated 100,000 servers at risk of complete compromise. This…
  • 0
  • 0
  • 0
  • 13h ago
Profile picture
Sami Laiho @samilaiho.com
n8n: Unauthenticated File Access via Improper Webhook Request Handling URL: github.com/n8n-io/n8n/s... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 10.0 CVEs: CVE-2026-21858
  • 0
  • 0
  • 0
  • 7h ago
Profile picture
CrowdCyber @crowdcyber.bsky.social
Public Exploit Released: Critical n8n Flaw CVE-2026-21858 Exposes 100k Servers
  • 0
  • 0
  • 0
  • 6h ago
Profile picture
Mynameisv @mynameisv.bsky.social
C"est la fête de n8n 😅 CVE-2026-21877 RCE post-auth avec CVSS 3.1: 10 !!? Au pire le base score serait de 9.9 mais c'est post-auth 🤔 github.com/advisories/G... Mais... CVE-2026-21858 RCE pre-auth avec un vrai CVSS 3.1: 10 😨 www.cyera.com/research-lab... Mettez à jour !
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-21877

Overview

  • n8n-io
  • n8n
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
Pending
KEV

Description

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

Statistics

  • 8 Posts
  • 3 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture
Rishi @rxerium

🚨 Yet another critical (CVSS 10) vulnerability affecting n8n instances tagged as CVE-2026-21877.

If the attack is successful it could result in full compromise of the affected instance.

Vulnerability detection script here:
github.com/rxerium/rxerium-tem

The issue has been resolved in n8n version 1.121.3.

Advisory:
github.com/advisories/GHSA-v36

  • 0
  • 0
  • 0
  • 23h ago
Profile picture
ekiledjian @edwardk

The workflow automation platform n8n has issued a warning about a critical CVSS 10.0 vulnerability (CVE-2026-21877) that allows for remote code execution (RCE) in both self-hosted and cloud versions. This flaw, impacting versions >= 0.123.0 and < 1.121.3, has been fixed in version 1.121.3, and users are urged to upgrade or implement mitigation strategies like disabling the Git node.
thehackernews.com/2026/01/n8n-

  • 0
  • 0
  • 0
  • 22h ago
Profile picture
benzogaga33 :verified: @benzogaga33

Une seconde faille critique RCE affecte n8n – CVE-2026-21877 : comment se protéger ? it-connect.fr/n8n-cve-2026-218 #ActuCybersécurité #Cybersécurité #Vulnérabilité #n8n

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture
IT-Connect @it-connect.bsky.social
🚨 CVE-2026-21877 Encore une faille de sécurité critique patchée dans n8n (de type RCE). Quels sont les risques ? Comment se protéger ? 🔐 www.it-connect.fr/n8n-cve-2026... #Cybersécurité #RCE #CVE #n8n #Sécurité
  • 1
  • 2
  • 0
  • 20h ago
Profile picture
CrowdCyber @crowdcyber.bsky.social
CVSS 10.0 Alert: Critical n8n Flaw CVE-2026-21877 Grants Total Control
  • 0
  • 0
  • 0
  • 23h ago
Profile picture
Checkmarx Zero @checkmarxzero.bsky.social
🚨 CVE-2026-21877 – #RCE in #n8n via Arbitrary File Write Authenticated users may upload crafted files that could trigger remote code execution, potentially leading to full instance compromise, affecting both self-hosted and cloud instances. Patch version 1.121.3+. More information:
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Securitycipher @securitycipher.bsky.social
Understanding CVE-2026–21877: Critical RCE Flaw in n8n and What It Means for Your Automation Stack https://ikhaleelkhan.medium.com/understanding-cve-2026-21877-critical-rce-flaw-in-n8n-and-what-it-means-for-your-automation-stack-86df08a46e05?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 14h ago
Profile picture
Mynameisv @mynameisv.bsky.social
C"est la fête de n8n 😅 CVE-2026-21877 RCE post-auth avec CVSS 3.1: 10 !!? Au pire le base score serait de 9.9 mais c'est post-auth 🤔 github.com/advisories/G... Mais... CVE-2026-21858 RCE pre-auth avec un vrai CVSS 3.1: 10 😨 www.cyera.com/research-lab... Mettez à jour !
  • 0
  • 0
  • 0
  • 14h ago

CVE-2009-0556

Overview

  • Pending
03 Apr 2009
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
47.55%
KEV

Description

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Statistics

  • 6 Posts
  • 2 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture
Ján Trenčanský @j91321

Huh, CVE-2009-0556 added to KEV? :blobcateyes: cisa.gov/news-events/alerts/20

  • 0
  • 1
  • 0
  • 17h ago
Profile picture
ghosts :ghost_owo: @ghostsarespooky

Sorry, CVE-2009-0556 added to KEV... today?

  • 0
  • 1
  • 0
  • 17h ago

Bluesky

Profile picture
Calimeg @calimegai.bsky.social
La #CISA signale des failles exploitées dans #MicrosoftOffice et HPE OneView. Deux vulnérabilités critiques ajoutées au catalogue KEV, dont CVE-2009-0556 (score 8,8) liée à une injection de code. ⚠️ #CyberSecurity #IA #InnovationIA https://kntn.ly/5478e0e7
  • 0
  • 0
  • 0
  • 5h ago
Profile picture
piggo @pigondrugs.bsky.social
~Cisa~ CISA adds two actively exploited vulnerabilities, CVE-2009-0556 (MS PowerPoint) and CVE-2025-37164 (HPE OneView), to its KEV catalog. - IOCs: CVE-2009-0556, CVE-2025-37164 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago
Profile picture
キタきつね @kitafox.bsky.social
CISAが2つの既知の脆弱性をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Jan 7) CVE-2009-0556 Microsoft Office PowerPoint コードインジェクションの脆弱性 CVE-2025-37164 HPE OneView コードインジェクション脆弱性 www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 12h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
CISA added two actively exploited vulnerabilities—CVE-2009-0556 in Microsoft PowerPoint and CVE-2025-37164 in HPE OneView—to its KEV catalog; agencies must apply patches.
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-59470

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 5 Posts
Last activity: 11 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Veeam has released an update for its Backup & Replication solution to patch several remote code execution vulnerabilities (CVE-2025-59470, CVE-2025-55125, CVE-2025-59469, CVE-2025-59468). These flaws, discovered internally by Veeam, affect version 13.0.1.180 and earlier, and while not reported as exploited in the wild, they require privileged access for exploitation and have been assigned high severity ratings.
securityweek.com/several-code-

  • 0
  • 0
  • 0
  • 22h ago
Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨 Multiple Veeam CVEs Identified: Critical Flaws Allow RCE and High-Privilege Actions

CVE-2025-55125:

A flaw that allows a Backup or Tape Operator to achieve remote code execution (RCE) as root by crafting a malicious backup configuration file.

▪️Severity: High
▪️CVSS v3.1: 7.2
▪️Source: Discovered during internal testing

CVE-2025-59468:

A vulnerability enabling a Backup Administrator to execute remote code as the postgres user by supplying a malicious password parameter.

▪️Severity: Medium
▪️CVSS v3.1: 6.7
▪️Source: Discovered during internal testing

CVE-2025-59469

A security issue that allows a Backup or Tape Operator to write arbitrary files with root privileges.

▪️Severity: High
▪️CVSS v3.1: 7.2
▪️Source: Discovered during internal testing

CVE-2025-59470

A vulnerability that permits a Backup or Tape Operator to achieve remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

▪️CVSS Severity: Critical
▪️CVSS v3.1: 9.0
▪️Source: Discovered during internal testing

Veeam: veeam.com/kb4738
Blog format: darkwebinformer.com/multiple-v

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture
PCI Guru @jbhall56.bsky.social
Tracked as CVE-2025-59470, this RCE security flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds. www.bleepingcomputer.com/news/securit...
  • 0
  • 0
  • 1
  • 22h ago
Profile picture
CyberHub @cyberhub.blog
📌 Critical RCE Flaw in Veeam Backup & Replication: CVE-2025-59470 with CVSS 9.0 https://www.cyberhub.blog/article/17746-critical-rce-flaw-in-veeam-backup-replication-cve-2025-59470-with-cvss-90
  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-14558

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 5 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture
Security Land @securityland

CVE-2025-14558 is a 9.8-severity vulnerability in FreeBSD's IPv6 auto-configuration that lets attackers execute arbitrary code with a single crafted network packet. FreeBSD released patches on December 16, 2024, but the threat escalated when multiple proof-of-concept exploits hit GitHub about two weeks ago.

Read More: security.land/freebsd-ipv6-fla

#SecurityLand #CyberWatch #FreeBSD #Cybersecurity #VulnerabilityManagement #IPv6 #CVE

  • 1
  • 3
  • 0
  • 23h ago

Bluesky

Profile picture
Security Land @security.land
FreeBSD CVE-2025-14558: 9.8-severity IPv6 flaw lets attackers execute code via crafted packets. Patched Dec 16, but PoC exploits dropped 2 weeks ago. Read More: www.security.land/freebsd-ipv6... #SecurityLand #CyberWatch #FreeBSD #Cybersecurity #IPv6 #CVE #Vulnerability
  • 0
  • 1
  • 0
  • 23h ago

CVE-2025-12543

Overview

  • Red Hat
  • Red Hat build of Apache Camel for Spring Boot 4
  • undertow-core
07 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Statistics

  • 3 Posts
  • 5 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture
cR0w @cR0w

access.redhat.com/security/cve

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

  • 1
  • 4
  • 0
  • 19h ago
Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-12543 - Critical (9.6)

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malform...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 1
  • 19h ago

CVE-2025-68428

Overview

  • parallax
  • jsPDF
05 Jan 2026
Published
06 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.06%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

Statistics

  • 3 Posts
  • 2 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture
Sam Stepanyan :verified: 🐘 @securestep9

: Critical Path Traversal Vulnerability (CVE-2025-68428) in jsPDF - a widely-adopted package for generating PDF documents in JavaScript applications allows attackers to read & exfiltrate arbitrary files from the local filesystem:
👇
endorlabs.com/learn/cve-2025-6

  • 1
  • 1
  • 1
  • 19h ago

Bluesky

Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Critical LFI/path traversal in jsPDF (<4.0) allows attacker-controlled paths in Node.js builds to include local filesystem data into generated PDFs (CVE-2025-68428).
  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-13151

Overview

  • GnuTLS
  • libtasn1
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Statistics

  • 3 Posts
  • 4 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture
cR0w @cR0w

Reset the "Days since ASN1 vuln" sign to 0.

cve.org/CVERecord?id=CVE-2025-

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

  • 0
  • 4
  • 0
  • 15h ago
Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-13151 - High (7.5)

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 1
  • 14h ago

CVE-2026-0625

Overview

  • D-Link
  • DSL-2640B
05 Jan 2026
Published
07 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
1.35%
KEV

Description

Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution. The affected endpoint is also associated with unauthenticated DNS modification (“DNSChanger”) behavior documented by D-Link, which reported active exploitation campaigns targeting firmware variants of the DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B models from 2016 through 2019. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC). Affected devices were declared end-of-life/end-of-service in early 2020.

Statistics

  • 3 Posts
Last activity: 22 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

A zero-day OS command injection vulnerability (CVE-2026-0625) has been exploited in discontinued D-Link gateway devices, allowing remote attackers to execute arbitrary shell commands. D-Link advises users to retire and replace these legacy devices as they will not receive a patch.
securityweek.com/hackers-explo

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

Profile picture
PCI Guru @jbhall56.bsky.social
Tracked as CVE-2026-0625 (CVSS score of 9.3), the security defect exists because the dnscfg.cgi library does not properly sanitize user-supplied DNS configuration parameters. www.securityweek.com/hackers-expl...
  • 0
  • 0
  • 1
  • 22h ago

CVE-2002-0367

Overview

  • Pending
02 Apr 2003
Published
22 Oct 2025
Updated
CVSS
Pending
EPSS
0.68%
KEV

Description

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Statistics

  • 3 Posts
  • 3 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture
Ravi Nayyar @ravirockks

'In 2025, the number of vulnerabilities from 2024 and earlier added to the catalog grew to 94, a 34% increase from a year earlier.

'The oldest vulnerability added to the KEV catalog in 2025 was CVE-2007-0671, a Microsoft Office Excel Remote Code Execution vulnerability.

'The oldest vulnerability in the catalog remains one from 2002 – CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 smss.exe debugging subsystem that has been known to be used in ransomware attacks'.
cyble.com/blog/cisa-kev-2025-e

  • 2
  • 1
  • 1
  • 11h ago

Bluesky

Profile picture
Ravi Nayyar @ravirockks.bsky.social
'The oldest vulnerability in the catalog remains one from 2002 – CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 smss.exe debugging subsystem that has been known to be used in ransomware attacks'. cyble.com/blog/cisa-ke...
  • 0
  • 0
  • 0
  • 11h ago
Showing 1 to 10 of 98 CVEs