n8n Users Urged to Patch CVSS 10.0 Full System Takeover Vulnerability – Hackread – Cybersecurity News, Data Breaches, AI, and More

If your company uses n8n to handle daily tasks, it is time to check your version number. A major security flaw has been found in the platform, and it is about as serious as it gets. The security firm Upwind recently published an analysis of the problem, describing it as a “critical authenticated remote code execution vulnerability.”

In simple terms, if an attacker gets in, they could take over the whole system. n8n acts as the “glue” that connects different apps and databases. Because it sits in the middle of all that data, a security gap here is a massive deal.

What went wrong?

The flaw is tracked as CVE-2026-21877 and carries a CVSS score of 10.0, the highest possible severity rating. Technically, it comes down to an arbitrary file write condition: the software lets a user save a file in a location they should not be allowed to touch. According to the researchers, this happens because the system does not properly validate “untrusted input” before processing it.

Security researcher Théo Lelasseux, who found the bug, noted that while an attacker needs a valid login to pull this off, once inside they can cause “untrusted code to be executed by the n8n service.” Automation platforms like this typically hold access to internal systems, credentials, and sensitive data, so an intruder could do a lot of damage very quickly.

How to stay safe

The research into this flaw was shared with Hackread.com. A wide range of versions is at risk, specifically 0.123.0 through 1.121.3. Whether you run the software on your own servers or use the managed cloud version, you are likely affected.

The fix is simple but urgent: update to version 1.121.3 or higher right now to fully address the vulnerability. There have been no reports of the flaw being exploited yet, but you should not wait to find out. Besides updating, the researchers recommend disabling the Git node and making sure that only top-level administrators have the right to modify workflows.
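As an added example (not from the article, Upwind, or the n8n project), here is a small Python check that flags hosts whose n8n version falls inside the affected range the article gives. Since the article lists 1.121.3 both as the top of the vulnerable range and as the fixed release, the check follows the update advice and treats 1.121.3 as fixed; confirm this against the vendor advisory. The host inventory is constructed for demonstration.

```python
import re
from typing import Optional, Tuple

# Affected range as reported in the article: 0.123.0 up to 1.121.3, with
# 1.121.3 or higher given as the fix. Assumption: 1.121.3 itself is fixed.
FIRST_AFFECTED = (0, 123, 0)
FIRST_FIXED = (1, 121, 3)

# Semantic version with optional "v" prefix, pre-release tag and build metadata.
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text: str) -> Tuple[int, int, int, Optional[str]]:
    """Parse '1.121.2' or 'v1.121.3-rc.1' into (major, minor, patch, prerelease)."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre


def is_affected(text: str) -> bool:
    """True if this n8n version is inside the range reported for CVE-2026-21877."""
    major, minor, patch, pre = parse_version(text)
    core = (major, minor, patch)
    if core < FIRST_AFFECTED:
        return False
    if core < FIRST_FIXED:
        return True
    # A pre-release of the first fixed version (e.g. 1.121.3-rc.1) sorts before
    # the final release, so it does not carry the fix yet.
    return core == FIRST_FIXED and pre is not None


def triage(versions: dict) -> list:
    """Return the hostnames (in inventory order) that still need the update."""
    return [host for host, ver in versions.items() if is_affected(ver)]


# Constructed inventory for demonstration; these are not real hosts.
INVENTORY = {
    "automation-01": "1.121.2",
    "automation-02": "1.121.3",
    "legacy-runner": "0.200.1",
    "lab-box": "0.122.9",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: n8n {INVENTORY[host]} is affected; update to 1.121.3 or higher")
```

For the Git node recommendation, n8n's NODES_EXCLUDE environment variable (a JSON array of node type names) is the documented way to keep a node from loading; the Git node's type name is assumed here to be n8n-nodes-base.git, so check it against your instance before relying on it.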
