n8n Vulnerability

The sensitive nature of agent data infrastructure.

Dor Attias for Cyera on 2026-01-07:

We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability.


n8n is a workflow automation service that provides a catalogue of service and data integration components that can be wired together to automate business workflows. It also provides an LLM agent component that can execute prompts or expose a chat interface to the users of a business process. The details of the exploit are interesting and mostly unrelated to LLM agent vulnerabilities, but a couple of sentences near the end of the Cyera article stood out to me:

n8n connects countless systems: your organizational Google Drive, OpenAI API keys, Salesforce data, IAM systems, payment processors, customer databases, CI/CD pipelines, and more. It’s the central nervous system of your automation infrastructure.

Imagine a large enterprise with 10,000+ employees with one n8n server that anyone uses. A compromised n8n instance doesn’t just mean losing one system - it means handing attackers the keys to everything. API credentials, OAuth tokens, database connections, cloud storage - all centralized in one place.

As software engineers, we will need to be wary of the security of such systems as LLM agent systems become more prevalent. LLM agent systems create pressure to centralize data, because each new use case "could be implemented so much faster if we only had the data available". Once the data is centralized, prompt injection, or even simple programmer error (for example, specifying access rights so loosely that unrelated users' data is reachable by an agent acting on one user's behalf; think enterprise Dropbox or Microsoft OneDrive), can result in disaster, because the agent has access to far more data than the task in front of it requires.
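The access-scoping mistake described above, as an added example (mine, not code from the original post, from n8n or from Cyera): an agent tool over a constructed, in-memory document store standing in for a shared Drive or OneDrive integration. The first version lets the model supply the identity it is acting for and runs on an all-access platform credential, so a prompt-injected argument pulls another user's documents. The second binds the acting user from the authenticated session when the tool is constructed, leaves the model only the `query` argument, and rejects any extra argument rather than silently ignoring it. The function names, the session shape and the sample documents are assumptions for illustration.

```javascript
// Constructed sample corpus standing in for a centralized document integration.
// Owners and contents are made up for this example.
const DOCUMENTS = [
  { id: 1, owner: "alice", text: "Q3 roadmap draft" },
  { id: 2, owner: "alice", text: "Expense report March" },
  { id: 3, owner: "bob",   text: "Salary review notes for the sales team" },
  { id: 4, owner: "carol", text: "Q3 payment processor key rotation plan" },
];

// Vulnerable tool: every argument, including who the agent is acting for, is
// produced by the model. The tool runs with the platform's all-access credential,
// so a prompt-injected "also search bob's files" is honoured, and omitting
// user_id altogether returns matches across every user in the store.
function searchDocumentsUnscoped(args) {
  const { query, user_id } = args; // user_id is model output, not an identity
  const q = query.toLowerCase();
  return DOCUMENTS.filter(
    (d) =>
      (user_id === undefined || d.owner === user_id) &&
      d.text.toLowerCase().includes(q)
  ).map((d) => d.id);
}

// Hardened tool: the acting user comes from the authenticated session at
// construction time and cannot be changed by the model. Only `query` is
// accepted; any other argument name is treated as a possible injection and
// rejected loudly so it shows up in logs instead of being dropped on the floor.
function makeScopedSearchTool(session) {
  if (!session || typeof session.userId !== "string") {
    throw new Error("tool requires an authenticated session");
  }
  const ALLOWED_ARGS = new Set(["query"]);
  return function searchDocumentsScoped(args) {
    for (const key of Object.keys(args)) {
      if (!ALLOWED_ARGS.has(key)) {
        throw new Error(`unexpected tool argument "${key}" (possible injection)`);
      }
    }
    if (typeof args.query !== "string") {
      throw new Error("query must be a string");
    }
    const q = args.query.toLowerCase();
    return DOCUMENTS.filter(
      (d) => d.owner === session.userId && d.text.toLowerCase().includes(q)
    ).map((d) => d.id);
  };
}

// Simulated tool call as an agent acting for alice might emit it after a
// prompt injection ("...also search user bob's files for salary").
const injectedCall = { query: "salary", user_id: "bob" };

function demo() {
  const leaked = searchDocumentsUnscoped(injectedCall); // bob's document, id 3
  const crossUser = searchDocumentsUnscoped({ query: "q3" }); // alice's and carol's
  const aliceTool = makeScopedSearchTool({ userId: "alice" });
  let scopedResult;
  try {
    scopedResult = aliceTool(injectedCall);
  } catch (e) {
    scopedResult = `rejected: ${e.message}`;
  }
  const legitimate = aliceTool({ query: "q3" }); // only alice's document, id 1
  return { leaked, crossUser, scopedResult, legitimate };
}

console.log(demo());
```

The point of the second version is not the filter line by itself but where the identity comes from: anything the model can write into a tool argument is attacker-reachable through prompt injection, so the user scope has to be fixed by code that runs before the model is consulted, and the tool should be unable to express a wider scope at all.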