Agents
CVE-2026-21858 CVSS 10.0: n8n AI Workflow Platform Unauthenticated File Leakage via Web Forms Enables Full Server Takeover
A critical (CVSS 10.0) vulnerability in the n8n AI workflow automation platform allows unauthenticated attackers with access to any n8n web form to leak arbitrary internal server files. The flaw requires no credentials and targets the platform's web form interface — a common attack surface in enterprise deployments where n8n forms are exposed for external workflow triggers. n8n is widely deployed as an agentic workflow orchestrator with native AI node support; this vulnerability continues the 'shipped-insecure' pattern observed in Langflow (allow_dangerous_code) and represents a direct risk to agent workflows that process sensitive data.
Source
↳ Follow the thread