CVE-2026-21858

This repository contains a fully automated Python exploit for CVE-2026-21858 and CVE-2025-68613, chaining unauthenticated arbitrary file read, admin token forgery, and sandbox bypass to achieve remote code execution on n8n instances. The exploit leverages Content-Type confusion for file read and expression injection for RCE.

This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in the n8n workflow automation platform. It includes root cause analysis, CVSS scoring, affected versions, and remediation steps.

This repository contains a Python-based scanner for detecting CVE-2026-21858, a critical RCE vulnerability in n8n Workflow Automation Platform versions 1.65.0 to 1.120.x. The tool performs version fingerprinting by analyzing the `/signin` endpoint and does not include exploit code.

The repository contains no actual exploit code or technical details, only a link to an external GitHub repository. This is indicative of a social engineering lure rather than a legitimate PoC.

This PoC exploits CVE-2026-21858 in n8n 1.120.4 by leveraging a Form Trigger workflow to extract sensitive assets (e.g., SECRET_KEY, admin credentials) and achieve remote code execution (RCE) via workflow manipulation.

This repository contains a fully automated Python exploit for CVE-2026-21858 and CVE-2025-68613, chaining unauthenticated arbitrary file read with token forgery and sandbox bypass to achieve remote code execution on n8n instances. The exploit is well-documented and includes detailed technical analysis of the vulnerabilities.

This repository contains a functional exploit for CVE-2026-21858 and CVE-2025-68613, demonstrating an unauthenticated RCE chain in n8n. The exploit leverages arbitrary file read via Content-Type confusion and expression injection for sandbox bypass.

CVE-2026-21858 is a critical unauthenticated vulnerability in n8n workflow automation platform due to improper Content-Type header validation, enabling arbitrary file read, credential extraction, and potential RCE.

This repository contains a non-invasive scanner for detecting CVE-2026-21858, a critical vulnerability in n8n workflow automation software. The tool checks versions and scans live instances without exploiting the vulnerability.

This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in n8n workflow automation platform. It includes root cause analysis, affected versions, exploitation details, and remediation steps.

This repository contains a detailed technical analysis and a working Python exploit for CVE-2026-21858, a critical vulnerability in n8n's Form Webhook node. The exploit leverages Content-Type confusion to achieve arbitrary file reads, session forgery, and ultimately RCE via the 'Execute Command' node.

This repository provides a detailed technical analysis of CVE-2026-21858, a vulnerability in n8n involving Content-Type confusion leading to arbitrary file read and RCE. It includes a comprehensive attack chain breakdown but lacks functional exploit code.

This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in n8n workflow automation platform. It includes root cause analysis, CVSS scoring, affected versions, and remediation steps.

This PoC exploits an unauthenticated RCE chain in n8n < 1.121.0 by leveraging CVE-2026-21858 for arbitrary file read to extract credentials and forge a JWT token, followed by CVE-2025-68613 for expression injection leading to command execution.

This repository provides a detailed technical analysis of CVE-2025-29943, a hardware vulnerability in AMD processors affecting SEV-SNP virtual machines. It includes scripts for setup, build, and testing but lacks actual exploit code.

This Metasploit module exploits CVE-2026-21858, a content-type confusion flaw in n8n's webhook handling, enabling unauthenticated arbitrary file read and session extraction. It leverages a crafted JSON payload to bypass authentication and read sensitive files.