n8n 1.65.0-1.120.9 - Unauthenticated Arbitrary File Read via Form-Based Workflow Execution
Title source: llm
Exploitation Summary
CVE-2026-21858 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 22 public exploits from researchers including Chocapikk, XiaomingX and adminlove520, among them a Metasploit module, auxiliary/gather/ni8mare_cve_2026_21858.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a fully automated Python exploit for CVE-2026-21858 and CVE-2025-68613, chaining unauthenticated arbitrary file read, admin token forgery, and sandbox bypass to achieve remote code execution on n8n instances. The exploit leverages Content-Type confusion for file read and expression injection for RCE.
Description
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system, and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
Exploits (22)
This repository contains a fully automated Python exploit for CVE-2026-21858 and CVE-2025-68613, chaining unauthenticated arbitrary file read, admin token forgery, and sandbox bypass to achieve remote code execution on n8n instances. The exploit leverages Content-Type confusion for file read and expression injection for RCE.
This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in the n8n workflow automation platform. It includes root cause analysis, CVSS scoring, affected versions, and remediation steps.
This repository contains a functional exploit for CVE-2026-21858, targeting an n8n workflow automation vulnerability. The exploit fetches environment variables, extracts database credentials, forges JWT tokens, and executes arbitrary commands via a malicious workflow.
This repository contains a Python-based scanner for detecting CVE-2026-21858, a critical RCE vulnerability in n8n Workflow Automation Platform versions 1.65.0 to 1.120.x. The tool performs version fingerprinting by analyzing the `/signin` endpoint and does not include exploit code.
The repository contains no actual exploit code or technical details, only a link to an external GitHub repository. This is indicative of a social engineering lure rather than a legitimate PoC.
This PoC exploits CVE-2026-21858 in n8n 1.120.4 by leveraging a Form Trigger workflow to extract sensitive assets (e.g., SECRET_KEY, admin credentials) and achieve remote code execution (RCE) via workflow manipulation.
This repository contains a functional exploit for CVE-2026-21858, which chains an arbitrary file read vulnerability with a token forgery and sandbox bypass to achieve remote code execution (RCE) in n8n. The exploit includes a Docker setup for testing and demonstrates the full attack chain from unauthenticated file read to RCE.
Technical analysis of CVE-2026-21858, detailing an authentication bypass and LFI vulnerability in n8n due to improper Content-Type handling, leading to RCE via workflow manipulation.
This PoC exploits CVE-2026-21858 by leveraging arbitrary file read to extract environment variables and database credentials, then forging a JWT token to create and execute a malicious workflow for remote command execution.
This repository contains a fully automated Python exploit for CVE-2026-21858 and CVE-2025-68613, chaining unauthenticated arbitrary file read with token forgery and expression injection to achieve RCE on n8n instances. The exploit leverages Content-Type confusion for file read and sandbox bypass via `this.process.mainModule.require`.
This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in the n8n workflow automation platform. It includes root cause analysis, CVSS scoring, affected versions, and remediation steps.
This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in the n8n workflow automation platform. It includes root cause analysis, affected versions, exploitation details, and remediation steps.
This repository contains a functional exploit for CVE-2026-21858 and CVE-2025-68613, demonstrating an unauthenticated RCE chain in n8n. The exploit leverages arbitrary file read via Content-Type confusion and expression injection for sandbox bypass.
This repository provides a detailed technical analysis of CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in the n8n workflow automation platform. It includes root cause analysis, CVSS scoring, affected versions, and remediation steps.
This repository provides a detailed technical analysis of CVE-2026-21858, a vulnerability in n8n involving Content-Type confusion leading to arbitrary file read and RCE. It includes a comprehensive attack chain breakdown but lacks functional exploit code.
This repository contains a fully automated Python exploit for CVE-2026-21858 and CVE-2025-68613, chaining unauthenticated arbitrary file read with token forgery and sandbox bypass to achieve remote code execution on n8n instances. The exploit is well-documented and includes detailed technical analysis of the vulnerabilities.
This PoC exploits an unauthenticated RCE chain in n8n < 1.121.0 by leveraging CVE-2026-21858 for arbitrary file read to extract credentials and forge a JWT token, followed by CVE-2025-68613 for expression injection leading to command execution.
This repository contains a detailed technical analysis and a working Python exploit for CVE-2026-21858, a critical vulnerability in n8n's Form Webhook node. The exploit leverages Content-Type confusion to achieve arbitrary file reads, session forgery, and ultimately RCE via the 'Execute Command' node.
This repository contains a non-invasive scanner for detecting CVE-2026-21858, a critical vulnerability in n8n workflow automation software. The tool checks versions and scans live instances without exploiting the vulnerability.
CVE-2026-21858 is a critical unauthenticated vulnerability in the n8n workflow automation platform caused by improper Content-Type header validation, enabling arbitrary file read, credential extraction, and potential RCE.
This repository provides a detailed technical analysis of CVE-2025-29943, a hardware vulnerability in AMD processors affecting SEV-SNP virtual machines. It includes scripts for setup, build, and testing but lacks actual exploit code.
This Metasploit module exploits CVE-2026-21858, a content-type confusion flaw in n8n's webhook handling, enabling unauthenticated arbitrary file read and session extraction. It leverages a crafted JSON payload to bypass authentication and read sensitive files.
Nuclei Templates (1)
http.favicon.hash:-831756631
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N