Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
08 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.03%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 10 Posts
  • 34 Interactions

Last activity: 3 hours ago

Fediverse

this was some great and necessary debunking of the ridiculous attempt at a "look how cool we are" CVE assignment.

between this and the "it's actually not a real vuln from an internet-perspective" for the recent daft D-Link CVE assignment, the cyber part of 2026 is off to a really horrible start.

horizon3.ai/attack-research/at

  • 5
  • 3
  • 0
  • 3h ago

A good reminder to secure your n8n hosts, and not to open up things to the internet if you don't absolutely have to.

#security
cyera.com/research-labs/ni8mar

  • 0
  • 0
  • 0
  • 13h ago

🚨 Critical vulnerabilities in n8n

In the last three weeks, four critical vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21858, CVE-2026-21877) were reported in the open-source workflow automation platform n8n, which attackers can exploit to execute arbitrary code and possibly fully compromise the systems.

Affected systems should be brought up to a current version promptly.

  • 7
  • 3
  • 0
  • 5h ago

Does anyone use the "automation platform" n8n? Security-wise it is as full of holes as Swiss cheese. List of CVE horrors (base score up to 10.0) from the last few days. #n8mare

borncity.com/blog/2026/01/08/s

  • 1
  • 1
  • 0
  • 9h ago

Details on the individual vulnerabilities:

CVE-2025-68613 (affects versions before 1.20.4)
github.com/n8n-io/n8n/security

CVE-2025-68668 (affects versions before 2.0.0)
github.com/n8n-io/n8n/security

CVE-2026-21858 (affects versions before 1.121.0)
github.com/n8n-io/n8n/security

CVE-2026-21877 (affects versions before 1.121.3)
github.com/n8n-io/n8n/security

  • 3
  • 2
  • 0
  • 5h ago

Bluesky

🚨 In November 2025, a critical vuln. was patched in #n8n, a popular piece of automation software. The advisory for (what the finders have dubbed) #Ni8mare was published on January 7, 2026 – now tracked as CVE-2026-21858 with a CVSS score of 10.0. More: r-7.co/3Z3aGBP
  • 1
  • 0
  • 0
  • 18h ago
[RSS] The Ni8mare Test: n8n RCE Under the Microscope (CVE-2026-21858) horizon3.ai
  • 0
  • 0
  • 0
  • 8h ago
📌 Critical n8n Vulnerability (CVE-2026-21858) Allows Unauthenticated Takeover https://www.cyberhub.blog/article/17800-critical-n8n-vulnerability-cve-2026-21858-allows-unauthenticated-takeover
  • 0
  • 0
  • 0
  • 7h ago
It's a great start to the year for FrenchTech with: 💥 Vulns CVE-2026-21858 and CVE-2025-68613 in n8n by @chocapikk.bsky.social 💥 Livewire vuln CVE-2025-54068* by @w0rty.bsky.social and @remsio.bsky.social Congratulations to you 🎉 and happy new year 2026 😄 *come on... late 2025 is almost early 2026 😅
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • n8n-io
  • n8n

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.05%

KEV

Description

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

Statistics

  • 6 Posts
  • 22 Interactions

Last activity: 4 hours ago

Fediverse

Uh... how is github.com/n8n-io/n8n/security (CVE-2026-21877) a 10.0 with PR:L? That is not possible, either it's a 9.9 or it has PR:N.

  • 1
  • 4
  • 0
  • 4h ago

n8n users need to update immediately after a CVSS 10.0 (CVE-2026-21877) authenticated remote code execution flaw was found that could let an attacker take over the system. Update to version 1.121.3 or higher and restrict privileges now.

Read: hackread.com/n8n-users-patch-f

#n8n #Cybersecurity #Vulnerability #Infosec

  • 0
  • 0
  • 0
  • 19h ago

🚨 Critical vulnerabilities in n8n

In the last three weeks, four critical vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21858, CVE-2026-21877) were reported in the open-source workflow automation platform n8n, which attackers can exploit to execute arbitrary code and possibly fully compromise the systems.

Affected systems should be brought up to a current version promptly.

  • 7
  • 3
  • 0
  • 5h ago

Does anyone use the "automation platform" n8n? Security-wise it is as full of holes as Swiss cheese. List of CVE horrors (base score up to 10.0) from the last few days. #n8mare

borncity.com/blog/2026/01/08/s

  • 1
  • 1
  • 0
  • 9h ago

Details on the individual vulnerabilities:

CVE-2025-68613 (affects versions before 1.20.4)
github.com/n8n-io/n8n/security

CVE-2025-68668 (affects versions before 2.0.0)
github.com/n8n-io/n8n/security

CVE-2026-21858 (affects versions before 1.121.0)
github.com/n8n-io/n8n/security

CVE-2026-21877 (affects versions before 1.121.3)
github.com/n8n-io/n8n/security

  • 3
  • 2
  • 0
  • 5h ago

Bluesky

n8n users need to update immediately after a CVSS 10.0 (CVE-2026-21877) authenticated remote code execution flaw was found that could let an attacker take over the system. Read: hackread.com/n8n-users-pa... #n8n #Cybersecurity #Vulnerability #Infosec
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Trend Micro, Inc.
  • Trend Micro Apex Central

08 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.15%

KEV

Description

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

Statistics

  • 4 Posts

Last activity: 4 hours ago

Fediverse

PoC exploits are now public for CVE-2025-69258 in Trend Micro Apex Central (on-premise), a vulnerability that could allow unauthenticated RCE on affected systems.

A patch is available, and there are no confirmed exploitation reports so far. Public PoCs, however, tend to accelerate attacker interest.

Follow @technadu for objective and technically grounded infosec updates.

Source: helpnetsecurity.com/2026/01/08

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) #HelpNetSecurity (Jan 8) www.helpnetsecurity.com/2026/01/08/t...
  • 0
  • 0
  • 0
  • 15h ago
PoCs have been released for CVE-2025-69258 in Trend Micro Apex Central (on-premise). The issue could allow unauthenticated RCE on unpatched systems. Fixes are available, and no active exploitation has been confirmed yet. #CyberSecurity #Infosec #Vulnerabilities #PatchManagement #EnterpriseIT
  • 0
  • 0
  • 0
  • 5h ago
Trend Micro Apex Central: RCE vulnerability with CVSS 9.8 Critical RCE Vulnerability Apex Central is, for many companies, the silent heart of security. It is the console that governs... www.aiutocomputerhelp.it?p=16524 #Apex_Central #CVE_2025_69258 #CVE_2025_69259 #CVE_2025_69260 #news #Vulnerabilità
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS v3.1
MEDIUM (4.9)
EPSS
0.03%

KEV

Description

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Bluesky

Cisco patched an ISE/ISE-PIC XML parsing vulnerability (CVE-2026-20029) that allows authenticated admin-level attackers to read arbitrary sensitive files; a public POC exists.
  • 0
  • 0
  • 0
  • 21h ago
Cisco fixes vulnerability in ISE after publication of an exploit. The vulnerability, CVE-2026-20029 (CVSS: 4.9), could allow an authenticated remote attacker with administrative privileges to access confidential information. #ciberseguridad #cybersecurity www.linkedin.com/pulse/cisco-...
  • 0
  • 0
  • 0
  • 22h ago
Cisco warns about Cisco ISE vulnerability as exploit code circulates: CVE-2026-20029 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43338/
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • SmarterTools
  • SmarterMail

29 Dec 2025
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
10.87%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 4 Posts
  • 19 Interactions

Last activity: 20 hours ago

Fediverse

Get your popcorn, it's time for another watchTowr Labs post. This one is a pre-auth RCE in SmarterMail. :blobcatpopcorn:

labs.watchtowr.com/do-smart-pe

  • 7
  • 12
  • 0
  • 21h ago

Bluesky

Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) - watchTowr Labs
  • 0
  • 0
  • 2
  • 20h ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE OneView

16 Dec 2025
Published
08 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
81.31%

Description

A remote code execution issue exists in HPE OneView.

Statistics

  • 3 Posts

Last activity: Last hour

Bluesky

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) #HelpNetSecurity (Jan 8) www.helpnetsecurity.com/2026/01/08/h...
  • 0
  • 0
  • 0
  • 15h ago
CVE-2025-37164, which received a 10 CVSS score, was added to CISA's Known Exploited Vulnerabilities (KEV) catalog Wednesday. The remote code execution (RCE) vulnerability was first disclosed by HPE Dec.
  • 0
  • 0
  • 0
  • Last hour
CISA Adds Two Known Exploited Vulnerabilities to Catalog URL: www.cisa.gov/news-events/... Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 10.0 CVEs: CVE-2009-0556, CVE-2025-37164
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Veeam
  • Backup and Recovery

08 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
0.22%

KEV

Description

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 5 hours ago

Fediverse

🔴 CVE-2025-59470 - Critical (9)

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

📌 Veeam Patches Critical RCE Flaw in Backup & Replication Software (CVE-2025-59470) https://www.cyberhub.blog/article/17803-veeam-patches-critical-rce-flaw-in-backup-replication-software-cve-2025-59470
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

10 Dec 2021
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 1 Post
  • 20 Interactions

Last activity: 18 hours ago

Fediverse

Cloudflare has even bragged on their blog¹ about how they run data analytics on all of the web requests going through their system. This data may be collected for government surveillance purposes as well.

1: blog.cloudflare.com/exploitati

  • 11
  • 9
  • 0
  • 18h ago

Overview

  • Pending

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 20 hours ago

Fediverse

🟠 CVE-2025-65518 - High (7.5)

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web inter...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Pending

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.12%

KEV

Description

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 20 hours ago

Fediverse

🟠 CVE-2025-50334 - High (7.5)

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 20h ago