
CVE-2026-21858: CWE-20: Improper Input Validation in n8n-io n8n

Severity: Critical
Published: Wed Jan 07 2026 (01/07/2026, 23:57:52 UTC)
Source: CVE Database V5
Vendor/Project: n8n-io
Product: n8n

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

AI-Powered Analysis

Last updated: 01/15/2026, 04:28:16 UTC

Technical Analysis

CVE-2026-21858 is an improper input validation vulnerability (CWE-20) found in the n8n open source workflow automation platform. The flaw exists in versions starting from 1.65.0 up to but not including 1.121.0. It arises from insufficient validation of input data in certain form-based workflows, which attackers can exploit to perform unauthorized file access on the underlying server hosting n8n. Because n8n workflows can be configured to process various inputs and trigger actions, a maliciously crafted workflow or input can cause the system to disclose sensitive files without requiring any authentication or user interaction. The vulnerability impacts confidentiality and integrity by exposing sensitive information and potentially enabling further compromise depending on the deployment environment and workflow complexity. The CVSS v3.1 score is 10.0, reflecting the vulnerability's ease of exploitation over the network (AV:N), lack of required privileges (PR:N), no user interaction (UI:N), and a scope change (S:C) that affects resources beyond the vulnerable component. The vulnerability is fixed in version 1.121.0, and users are strongly advised to upgrade. No public exploits have been reported yet, but the critical severity and potential impact make this a high-priority issue for organizations using n8n.

Potential Impact

For European organizations, the impact of this vulnerability can be severe. n8n is used for automating workflows that may handle sensitive business data, including personal data protected under GDPR. Unauthorized file access could lead to exposure of confidential information, intellectual property, or personal data, resulting in regulatory penalties, reputational damage, and operational disruption. The ability to access files without authentication increases the risk of lateral movement or further exploitation within the network. Organizations relying on n8n for critical automation tasks may experience workflow disruption or data integrity issues if attackers manipulate workflows post-compromise. Given the critical CVSS score and the potential for broad impact, European enterprises using affected versions must consider this a high-risk vulnerability.

Mitigation Recommendations

1. Immediately upgrade all n8n instances to version 1.121.0 or later, where the vulnerability is patched.
2. Review and audit existing workflows for any that process untrusted input or expose form-based inputs to external users, and restrict access where possible.
3. Implement network segmentation and firewall rules to limit external access to n8n servers, especially if they are internet-facing.
4. Employ strict input validation and sanitization in custom workflows to reduce the risk of injection or unauthorized file access.
5. Monitor logs and network traffic for unusual access patterns or attempts to exploit form inputs.
6. Use application-layer firewalls or web application firewalls (WAFs) to detect and block malicious payloads targeting n8n workflows.
7. Conduct regular security assessments and penetration tests focusing on workflow automation platforms.
8. Educate development and operations teams about secure workflow design and the risks of exposing sensitive automation endpoints.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-05T16:44:16.367Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 695ef5ea07b8a419a7738b33

Added to database: 1/8/2026, 12:10:18 AM

Last enriched: 1/15/2026, 4:28:16 AM

Last updated: 2/7/2026, 1:52:19 AM

Views: 81
