Critical Remote Code Execution Flaw Discovered in n8n Automation Platform

A newly disclosed vulnerability tracked as CVE-2026-21877 has put thousands of organizations at risk after researchers identified a critical remote code execution (RCE) flaw in n8n, a widely used workflow automation platform.

The vulnerability affects self-hosted and enterprise deployments of n8n and allows an authenticated attacker to execute arbitrary system commands on the underlying server. With a CVSS score of 10.0, the flaw represents the most severe class of security issue, enabling full system compromise if exploited.

n8n is commonly used to automate internal business processes, integrate APIs, and handle sensitive data flows between systems. Because of this, a successful exploit could allow attackers to access credentials, move laterally across internal networks, or manipulate automated workflows without immediate detection.

Security researchers warn that this type of vulnerability is particularly dangerous because automation platforms often run with elevated permissions and have access to multiple internal services. In real-world scenarios, attackers could chain this flaw with stolen credentials or exposed admin accounts to gain persistent access.

n8n has released patched versions addressing the issue, and users are strongly advised to update immediately. Organizations unable to patch should restrict access to the platform, review authentication logs, and monitor for suspicious workflow activity.