Maximum-severity flaw allows full compromise of n8n instances.

Summary

By the CyberWire staff

Maximum-severity flaw allows full compromise of n8n instances.

Researchers at Cyera have discovered a maximum-security remote code execution flaw (CVE-2026-21858) in the open-source workflow automation platform n8n. The vulnerability, which Cyera calls "Ni8mare," can enable unauthenticated, remote attackers "to access files on the underlying server through execution of certain form-based workflows." This can lead to "exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage."

Cyera estimates that the issue affects approximately 100,000 servers globally. No workaround is available, and users are urged to update to n8n version 1.121.0.

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

US withdraws from Global Forum on Cyber Expertise.

The Trump administration is withdrawing the US from two cybersecurity-focused international organizations, as part of a broader withdrawal from multilateral institutions, the Record reports. President Trump yesterday signed an executive order directing the US to exit 66 international bodies, on the grounds that continued participation is contrary to US interests. Among these institutions are the Global Forum on Cyber Expertise and the European Centre of Excellence for Countering Hybrid Threats. Federal agencies have been instructed to end participation and funding where legally permitted.

US Secretary of State Marco Rubio said in an accompanying statement that the administration "has found these institutions to be redundant in their scope, mismanaged, unnecessary, wasteful, poorly run, captured by the interests of actors advancing their own agendas contrary to our own."

CISA warns of actively exploited maximum-severity HPE OneView flaw.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity HPE OneView vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, BleepingComputer reports. The vulnerability (CVE-2025-37164) was patched on December 17th, and users are advised to apply the fixes promptly. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to patch the flaw by January 28th.

Notes.

Today's issue includes events affecting , and the United States.

Attacks, Threats, and Vulnerabilities

Illinois state agency exposed personal data of 700,000 people (The Record) The Illinois Department of Human Services exposed personal information belonging to more than 700,000 state residents after inadvertently posting the data on the open internet where it remained for as long as four years before being taken down in September.

Cisco warns of Identity Service Engine flaw with exploit code (BleepingComputer) Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges.

Technologies, Techniques, and Standards

Microsoft to enforce MFA for Microsoft 365 admin center sign-ins (BleepingComputer) Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SpaceCom | Space Congress: The Global Conference & Expo for the Commercial Space Industry (Orlando, Florida, USA, Jan 28 - 30, 2026) SpaceCom | Space Congress is where the business of space gets done. As the flagship event of Commercial Space Week—co-located with the Space Mobility Conference and the GSA Spaceport Summit—this event unites aerospace, defense, and commercial leaders for three days of deal-making, partnership building, and technology discovery on the expo floor, in the conference program, and through curated networking that drives real results.

HIP Europe 26 (Frankfurt, Germany, Feb 10, 2026) Get ready to elevate your identity security skills at HIP Europe — your gateway to becoming a Hybrid Identity Protection (HIP) Hero. With the departure of original Active Directory experts and the rise of identity as the primary attack surface, the need for identity threat detection and response (ITDR) talent has never been greater. This event is the perfect opportunity to enhance your (or your team's) ITDR strategy and strengthen your organization's operational resilience.

Wild West Hackin’ Fest @ Mile High 2026 (Denver, Colorado, USA, Feb 11 - 13, 2026) More than just a conference, Wild West Hackin’ Fest (WWHF) is committed to offering high quality information security education to beginners and seasoned professionals alike. With reasonably priced training, conferences, hands-on labs, and workshops, WWHF lowers the barrier to entry for those seeking to enter into the world of information security. WWHF also offers a venue for those already established in the industry to share ideas, give back, and continue learning.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 01.08.26

Top stories.

Maximum-severity flaw allows full compromise of n8n instances.

US withdraws from Global Forum on Cyber Expertise.

CISA warns of actively exploited maximum-severity HPE OneView flaw.

Notes.

Attacks, Threats, and Vulnerabilities

Technologies, Techniques, and Standards

Events