Security Advisory: Security Vulnerability in n8n Versions 1.65-1.120.4

We were made aware in November of a critical security vulnerability affecting n8n versions 1.65-1.120.4. This has been fixed in n8n version 1.121.0 and released to our entire customer base on November 18, 2025. We’re reaching out to ensure self-hosted users have the information needed to secure their instances.

What happened

The reported vulnerability affects certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could potentially result in exposure of information stored on the system and may enable further compromise depending on deployment configuration and workflow usage.

An n8n instance is potentially vulnerable if it has an active workflow with a Form Submission trigger and a Form Ending node returning a binary file. Due to improper input validation, such a workflow could, under specific limited conditions, theoretically be exploited to gain read access to the underlying file system. The vulnerable workflow could be exploited by an attacker who can access the form, including unauthenticated callers.

Potential impact

Who is affected:

  • Self-hosted instances running versions 1.65-1.120.4
  • If you’re running any 2.x version (including any RC/beta), you already have this security fix
  • Cloud instances have already been automatically upgraded and are secure

If this vulnerability were exploited, it could lead to:

  • In certain configurations, privilege escalation within the n8n instance
  • Unauthorized access to sensitive information stored in your n8n instance

Required action

If you’re running version 1.65-1.120.4: Please update your n8n instance to version 1.121.0 (or later) as soon as possible. This version contains the necessary security fixes.

If you’re running any 2.x version (including any RC/beta): No action needed - you already have this security fix.

FAQ

Is my n8n instance affected?

Your instance is affected if you’re running version 1.65-1.120.4 with an active workflow that has both:

  • A Form Submission trigger AND
  • A Form Ending node returning a binary file

If you’re running version 1.121.0 or later, or any 2.x version, you are not affected.

If you’re a Cloud customer, we’ll upgrade and secure your instance in the next 12 hours. You can also start the upgrade from your Cloud dashboard.

You can run this workflow template to scan your instance for potentially vulnerable workflows:

CVE-2026-21858 Scanner v2.json (6.4 KB)

How can I keep track of n8n releases?

Access our release notes here - each one also links to the GitHub commits for detailed information.

How can I keep track of n8n CVEs?

We disclose our CVEs on GitHub.

How is n8n addressing security?

We take an active stance on security through our Vulnerability Disclosure Program. We prioritize responding to reports and things we find ourselves, and we’re committed to transparent disclosure.

Since this issue was patched on November 18, why was it not communicated until now?

We wanted to ensure the patches had been released and offer our customers the opportunity to update on their own timing. We also wanted to reduce the risk of widespread attacks that would likely have occurred if we didn’t have a mitigation in place. Responsible disclosure is something we take seriously, and this allowed us to be more proactive than reactive as we also respond to various other bug reports we’ve received since starting our Vulnerability Disclosure Program.

We appreciate your prompt attention to this security update. n8n maintains proactive security standards through continuous monitoring, regular penetration testing, and a responsible disclosure program. This disclosure is part of our commitment to transparency.


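Added example (not part of the original post, and not n8n's scanner template): a small triage helper that applies the version range and the workflow condition from the advisory above to exported workflow JSON. The node type strings and the `operation` / `respondWith` parameter names are assumptions to confirm against an export from your own instance, and the sample workflows are constructed.

```javascript
// Added triage sketch; not n8n's scanner template.
// Version bounds are from the advisory: 1.65 through 1.120.4 affected,
// 1.121.0 and every 2.x release (RC/beta included) fixed.
function isAffectedVersion(version) {
  const m = /^v?(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  const [major, minor] = [Number(m[1]), Number(m[2])];
  return major === 1 && minor >= 65 && minor < 121;
}

// ASSUMPTION: node type and parameter names below; confirm them against
// a workflow exported from your own instance before relying on the result.
const FORM_TRIGGER = 'n8n-nodes-base.formTrigger';
const FORM_NODE = 'n8n-nodes-base.form';

function isBinaryFormEnding(node) {
  const p = node.parameters || {};
  return node.type === FORM_NODE &&
    p.operation === 'completion' && p.respondWith === 'returnBinary';
}

// Active workflows that pair a form trigger with a binary-returning ending.
function findRiskyWorkflows(workflows) {
  return workflows.filter((wf) => {
    const nodes = (wf.nodes || []).filter((n) => !n.disabled);
    return wf.active === true &&
      nodes.some((n) => n.type === FORM_TRIGGER) &&
      nodes.some(isBinaryFormEnding);
  }).map((wf) => ({ id: wf.id, name: wf.name }));
}

function triage(version, workflows) {
  const affected = isAffectedVersion(version);
  return { affected, risky: affected ? findRiskyWorkflows(workflows) : [] };
}

// Constructed sample export (not real data).
const trigger = { type: FORM_TRIGGER, parameters: {} };
const ending = (respondWith) =>
  ({ type: FORM_NODE, parameters: { operation: 'completion', respondWith } });
const SAMPLE = [
  { id: 'wf-1', name: 'Download report', active: true, nodes: [trigger, ending('returnBinary')] },
  { id: 'wf-2', name: 'Contact form', active: true, nodes: [trigger, ending('text')] },
  { id: 'wf-3', name: 'Old export', active: false, nodes: [trigger, ending('returnBinary')] },
];

console.log(triage('1.120.4', SAMPLE));
```

An empty `risky` list on an affected version does not replace the upgrade to 1.121.0 or later; it only helps decide which forms to deactivate first.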
I’m unable to log into my account, and I can’t find support to help me with access to my account. Did the issue affect login?


No, this is unrelated. If this is a cloud account, please contact [email protected]. If you’re self-hosted please open a new topic in Questions to get support from the community.


Are cloud instances always automatically updated in case of Security Vulnerability Fixes? Or do I need to take care of this myself normally?

Usually you need to update yourself.

In this case, we updated all affected instances automatically, which you should have an email about.

Update: We have determined that forms without a file upload field were also vulnerable, and edited the announcement to adjust. In addition, we have updated the workflow template to scan your instance.

Since this update (we think), we are having issues with timeouts running agent nodes, is this a known issue?

Critical vulnerability allows unauthorized access and control of the system.