Cyera Research Labs has disclosed another n8n security vulnerability. It allows an unauthorized remote attacker to take total control of vulnerable instances. The flaw lies in a function that manages form submissions, which calls a file-handling function.
Version 1.121.0, which was published on November 18, 2025, addresses it. The most recent iterations of the library are 1.123.10, 1.1.5, 2.2.4, and 2.3.0. All versions of n8n before and including 1.65.0 and 1.120.4 are impacted. See http://www.cyeraresearch.com/vulnerabilities/n8mare-vulnerability-2026-21858-N8mare for the complete advisory.
A malicious actor can use the flaw to read any file from the n8n instance and escalate that access to remote code execution (RCE).
For the best protection, users are urged to update to the patched version or later as soon as possible. Restricting or disabling publicly accessible webhook and form endpoints is recommended as a temporary workaround. "The blast radius of a compromised n8n is massive," Cyera stated.
"A compromised n8n instance means giving attackers the keys to everything—it doesn't just mean losing one system." According to the company, it is also recommended to prevent n8n from being exposed online and to enforce authentication for all forms. According to Cyera, the vulnerability has been fixed and is no longer active, but a patch is being developed for a later software version. When the fix will be accessible is unclear.





