
Critical Unauthenticated Remote Code Execution vulnerability in n8n workflow automation platform

Release date
08 January 2026
Alert rating
Critical

Description

A critical unauthenticated Remote Code Execution (RCE) vulnerability affecting the n8n workflow automation platform has been observed. The vulnerability, tracked as CVE-2026-21858, allows unauthenticated threat actors to access sensitive files on the underlying server through execution of certain form-based workflows, leading to RCE. This vulnerability is assessed as CVSS 10.0.

Audience

Small & medium businesses, Organisations & Critical Infrastructure, Government

Current update

This document has been written for the IT teams of organisations and government.

Background

A critical unauthenticated Remote Code Execution (RCE) vulnerability, tracked as CVE-2026-21858, has been observed affecting the n8n workflow automation platform. The affected versions include 1.65.0 and previous versions.

This vulnerability can be exploited remotely allowing a threat actor to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant privileged access to an unauthenticated remote attacker. The vulnerability enables escalation from arbitrary file read to full RCE in n8n.

Mitigation advice

ASD’s ACSC advises organisations to follow the mitigation advice provided in the n8n Security Advisory in relation to this vulnerability.

Organisations should upgrade to version 1.121.0 or later to remediate the vulnerability.

Users are also advised to critically assess whether these instances need to be internet facing, and not to expose n8n to the internet unless necessary.

It is further recommended to require authentication for all Forms.

A potential temporary mitigation users may apply is to restrict or disable publicly accessible webhook and form endpoints until upgrading.
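
One way to apply the temporary restriction above at a reverse proxy, as an added example that is not part of the advisory or of n8n's own configuration. It assumes nginx in front of n8n on its default port 5678 and n8n's default endpoint path prefixes (confirm them against your deployment); the hostname, certificate paths and IP ranges are placeholders.

```nginx
# Added example: temporary access restriction for an unpatched n8n instance.
# Assumption: allow/deny match on $remote_addr. If nginx sits behind a load
# balancer, restore the real client address first or these rules see only
# the balancer.

upstream n8n_backend {
    server 127.0.0.1:5678;                       # n8n default port
}

server {
    listen 443 ssl;
    server_name n8n.example.internal;            # placeholder hostname
    ssl_certificate     /etc/nginx/tls/n8n.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/n8n.key;

    # Forms (production, test and waiting variants): disabled for every
    # client until the instance is upgraded.
    location ~ ^/(form|form-test|form-waiting)(/|$) {
        return 403;
    }

    # Webhooks: only the known sender range may call them.
    location ~ ^/(webhook|webhook-test|webhook-waiting)(/|$) {
        allow 203.0.113.0/24;                    # placeholder sender range
        deny  all;
        proxy_pass http://n8n_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Editor UI and API: internal administration network only, so the
    # instance is no longer reachable from the internet.
    location / {
        allow 10.0.0.0/8;                        # placeholder admin network
        deny  all;
        proxy_pass http://n8n_backend;
        proxy_http_version 1.1;                  # editor uses WebSockets
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```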

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).
