Critical vulnerability found in n8n workflow automation platform

Security researchers warn that tens of thousands of systems may be exposed to a critical vulnerability in n8n, a widely used open-source workflow automation platform. 

The vulnerability, tracked as CVE-2026-21858, could allow an attacker to bypass automation entirely by using a “content-type confusion” bug in standards modes, according to researchers at Cyera. The vulnerability has a severity score of 10.

The tool is considered critical for AI agents and enterprise automation, according to Cyera. 

Researchers warned that compromising an n8n environment could allow an attacker to gain widespread access to sensitive credentials, including Salesforce, AWS and OpenAI. 

As of Friday, researchers at Shadowserver found more than 105,000 vulnerable instances out of over 230,000. Those estimates have since fallen to about 59,500. 

Researchers at Censys reported more than 26,000 exposed hosts.

Researchers initially notified n8n about the vulnerability in November and patches were released to the customer base on Nov. 18. Users should upgrade to version 1.121.0. There is no current evidence of exploitation.
