n8n平台发现严重安全漏洞(CVE-2026–21858),CVSS评分满分10分。该漏洞源于文件处理机制中的内容类型混淆问题,允许未认证攻击者绕过文件上传限制并上传恶意文件,可能导致数据泄露或系统控制权被夺取。 2026-1-10 08:4:13 Author: infosecwriteups.com(查看原文) 阅读量:6 收藏
Press enter or click to view image in full size
A severe security vulnerability has been discovered in n8n, the popular workflow automation platform, that poses an urgent threat to organizations worldwide. Identified as CVE-2026–21858, this critical flaw has received the maximum CVSS severity score of 10.0, signaling the highest possible risk level for affected systems.
Understanding the Vulnerability
At its core, CVE-2026–21858 exploits a content-type confusion bug within n8n’s file handling mechanisms. This seemingly technical issue creates a dangerous opening that attackers can leverage with alarming ease and devastating consequences.
The vulnerability allows unauthenticated attackers — meaning those without any legitimate credentials or access — to bypass standard file-upload restrictions by manipulating HTTP request headers. This manipulation tricks the system into accepting malicious file uploads that would normally be blocked by security controls.
The Attack Chain
What makes this vulnerability particularly dangerous is how attackers can chain multiple exploitation techniques:
Initial Access: By exploiting the content-type confusion, threat actors gain the ability to read sensitive internal files…
如有侵权请联系:admin#unsafe.sh