Alerts

CRITICAL: Patch n8n Now — Unauthenticated RCE Affects 100K Servers

Patch immediately. CVSS 10.0.

A maximum-severity flaw in n8n allows unauthenticated attackers to fully compromise servers and access all connected systems including API keys, databases, and cloud services.

Vulnerability Summary


CVE	CVE-2026-21858
Severity	10.0 CRITICAL
Affected	n8n versions < 1.121.0
Exploited	PoC available
Patch	Upgrade to 1.121.0+

What's at Risk

Attackers can chain this vulnerability to:

Read arbitrary server files without credentials
Extract database and config files
Forge admin session cookies
Execute commands on the underlying system

With n8n's access to connected services (Google Drive, Salesforce, CI/CD pipelines, payment processors), a single compromise can cascade across your entire infrastructure.

Immediate Actions

Upgrade to n8n version 1.121.0 or later
Disable publicly accessible webhook/form endpoints until patched
Audit existing workflows for exposed Form nodes
Review logs for suspicious webhook activity

Who's Affected

Approximately 100,000 self-hosted n8n instances globally. Cloud-managed deployments are less impacted.

Tags: Critical, CVE-2026-21858, n8n, RCE, Patch Now

GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

GitHub has confirmed that approximately 3,800 internal repositories were compromised after a TeamPCP supply chain attack that began with a single employee installing a poisoned Visual Studio Code extension. The breach was announced on Tuesday after TeamPCP posted claims on an underground forum offering GitHub's stolen source

Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

A compromised version of the Nx Console extension — a popular VS Code plugin with over 2.2 million installations — was published to the Visual Studio Code Marketplace after an attacker leveraged stolen developer credentials to inject a multi-stage credential stealer into the official nrwl/nx GitHub repository. The malicious version

Grafana Confirms GitHub Breach After Coinbase Cartel Demands Ransom — Codebase Stolen via Compromised Token

Grafana Labs has confirmed a data breach after attackers used a compromised token to access the company's GitHub environment and download its entire codebase. The open source visualization and analytics platform disclosed the incident on Sunday, two days after cybercrime group Coinbase Cartel listed Grafana on its leak

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first known version

Read more

GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

Grafana Confirms GitHub Breach After Coinbase Cartel Demands Ransom — Codebase Stolen via Compromised Token

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005