Max severity Ni8mare flaw impacts nearly 60,000 n8n instances
n8n, an open-source automation platform widely used in AI development, is affected by a critical vulnerability, "Ni8mare" (CVE-2026-21858), leaving nearly 60,000 internet-exposed instances unpatched. The flaw lets an attacker take control of an instance through workflows whose forms accept file uploads, leak sensitive data, or compromise it further. Researchers discovered and reported the issue in early November; users are advised to upgrade to a fixed version as soon as possible.

2026-1-12 14:15:19 Author: www.bleepingcomputer.com (view original)


Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."

n8n is an open-source workflow automation platform that allows users to connect different applications and services via pre-built connectors and a visual, node-based interface to automate repetitive tasks without writing code.

The automation platform is widely used in AI development to automate data ingestion and build AI agents and RAG pipelines. It has over 100 million pulls on Docker Hub and over 50,000 weekly downloads on npm.


Since n8n serves as a central automation hub, it often stores API keys, OAuth tokens, database credentials, cloud storage access, CI/CD secrets, and business data, making it an attractive target for threat actors.

Tracked as CVE-2026-21858, the flaw stems from an improper input validation weakness that lets remote, unauthenticated attackers read files on the underlying server and, from there, take control of locally deployed n8n instances.

"A vulnerable workflow could grant access to an unauthenticated remote attacker. This could potentially result in exposure of information stored on the system and may enable further compromise depending on deployment configuration and workflow usage," the n8n team explained.

"An n8n instance is potentially vulnerable if it has an active workflow with a Form Submission trigger accepting a file element, and a Form Ending node returning a binary file."

Cyera researchers, who discovered Ni8mare and reported it to n8n in early November, said the vulnerability is a content-type confusion in how n8n parses data. It can be exploited to expose secrets stored on the instance, forge session cookies to bypass authentication, inject sensitive files into workflows, or even execute arbitrary commands.

Over the weekend, the Internet security watchdog group Shadowserver found 105,753 unpatched instances exposed online, with 59,558 still exposed on Sunday; more than 28,000 of those IPs were in the United States and over 21,000 in Europe.

Vulnerable n8n instances exposed online (Shadowserver)

To block potential attacks, admins are advised to upgrade their n8n instances to version 1.121.0 or later as soon as possible.

While n8n developers said that there is no official workaround available for Ni8mare, admins who can't immediately upgrade may be able to block potential attacks by restricting or disabling publicly accessible webhook and form endpoints.

The n8n team also provides a workflow template for admins who want to scan their instances for potentially vulnerable workflows.
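The condition n8n spells out above (an active workflow with a Form Submission trigger that accepts a file element and a Form Ending node that returns a binary file) can be checked mechanically against workflow exports or the Public API, and the same check yields the public form paths to block at the reverse proxy until the upgrade is done. The script below is an added example written for this article; it is not n8n's scanner template and not Cyera's code. The node type identifiers (`n8n-nodes-base.formTrigger`, `n8n-nodes-base.form`), the parameter names (`formFields.values[].fieldType`, `operation`, `respondWith`, `path`) and the Public API details (`GET /api/v1/workflows`, the `X-N8N-API-KEY` header, `nextCursor` paging) are assumptions based on the n8n 1.x workflow JSON format, and the three workflows embedded in it are constructed samples, not real exports.

```python
"""Scan n8n workflow exports for the Ni8mare-prone Form Trigger/Form Ending pattern.

Added example, not n8n's scanner template. Assumed (not from the article):
node type ids and parameter names follow the n8n 1.x workflow JSON format;
the Public API is GET /api/v1/workflows with an X-N8N-API-KEY header.
"""
import json
import urllib.parse
import urllib.request

FORM_TRIGGER = "n8n-nodes-base.formTrigger"  # assumed node type id
FORM_NODE = "n8n-nodes-base.form"            # assumed node type id


def _form_fields(node):
    # Form Trigger fields live under parameters.formFields.values (assumed).
    return node.get("parameters", {}).get("formFields", {}).get("values", [])


def accepts_file(node):
    """True for a Form Trigger exposing at least one file upload field."""
    return node.get("type") == FORM_TRIGGER and any(
        field.get("fieldType") == "file" for field in _form_fields(node))


def returns_binary(node):
    """True for a Form Ending node that responds with a binary file."""
    params = node.get("parameters", {})
    return (node.get("type") == FORM_NODE
            and params.get("operation") == "completion"
            and params.get("respondWith") == "returnBinary")


def assess(workflow):
    """Describe one workflow. n8n scopes the issue to active workflows, but
    inactive matches are reported too: activating them re-creates the risk."""
    nodes = workflow.get("nodes", [])
    triggers = [n for n in nodes if accepts_file(n)]
    pattern = bool(triggers) and any(returns_binary(n) for n in nodes)
    active = bool(workflow.get("active"))
    return {
        "id": workflow.get("id"),
        "name": workflow.get("name"),
        "active": active,
        "pattern": pattern,
        "vulnerable": pattern and active,
        # Public URL is /form/<path> under the default N8N_ENDPOINT_FORM value.
        "form_paths": ["/form/" + t.get("parameters", {}).get("path", "")
                       for t in triggers],
    }


def scan(workflows):
    """Findings for every workflow matching the pattern, active ones first."""
    findings = [r for r in map(assess, workflows) if r["pattern"]]
    return sorted(findings, key=lambda r: not r["active"])


def fetch_workflows(base_url, api_key):
    """Pull all workflows from a live instance via the Public API (assumed paging)."""
    results, cursor = [], None
    while True:
        url = base_url.rstrip("/") + "/api/v1/workflows?limit=100"
        if cursor:
            url += "&cursor=" + urllib.parse.quote(cursor)
        req = urllib.request.Request(url, headers={"X-N8N-API-KEY": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        results.extend(page.get("data", []))
        cursor = page.get("nextCursor")
        if not cursor:
            return results


# Constructed sample exports (not real workflows) covering three cases.
def _trigger(path, field_type):
    return {"type": FORM_TRIGGER, "parameters": {"path": path, "formFields": {
        "values": [{"fieldLabel": "Input", "fieldType": field_type}]}}}


def _ending(respond_with):
    return {"type": FORM_NODE, "parameters": {"operation": "completion",
                                             "respondWith": respond_with}}


SAMPLE_WORKFLOWS = [
    {"id": "1", "name": "Resume intake", "active": True,
     "nodes": [_trigger("resume", "file"), _ending("returnBinary")]},
    {"id": "2", "name": "Contact form", "active": True,
     "nodes": [_trigger("contact", "email"), _ending("text")]},
    {"id": "3", "name": "Old upload flow", "active": False,
     "nodes": [_trigger("legacy", "file"), _ending("returnBinary")]},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_WORKFLOWS):
        state = "VULNERABLE" if f["vulnerable"] else "inactive, review before enabling"
        print(f'{f["id"]} {f["name"]}: {state}; block {f["form_paths"]} at the proxy')
```

Run as-is it reports the constructed samples; for a live instance, pass `fetch_workflows("https://n8n.example.internal", api_key)` to `scan()`. The `form_paths` in each finding are the public form URLs that the Form Trigger answers on; while the instance is still below 1.121.0, denying those at the reverse proxy (along with the `/form-test/` and `/form-waiting/` prefixes, and whatever custom values `N8N_ENDPOINT_FORM`, `N8N_ENDPOINT_FORM_TEST` and `N8N_ENDPOINT_FORM_WAIT` are set to) is the concrete form of the "restrict publicly accessible form endpoints" stop-gap. Inactive matches are listed separately because they become exposed the moment someone activates them.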



Source: https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-impacts-nearly-60-000-n8n-instances/