Critical Ni8mare Vulnerability Exposes n8n Instances to Attack

On January 12, 2026, the cybersecurity landscape was shaken by the discovery of a critical vulnerability known as "Ni8mare" in instances of n8n, a popular workflow automation tool. This vulnerability, tracked as CVE-2026-21858, enables unauthenticated remote attackers to gain complete control over affected systems, posing an unprecedented risk to organizations utilizing this software. With a CVSS score of 10.0, it is imperative for all n8n users to upgrade to version 1.121.0 or later immediately to mitigate the risk of exploitation. The urgency of this patch cannot be overstated, as the potential for widespread compromise is significant given the growing adoption of automation tools in enterprise environments. The incident underscores the critical need for continuous monitoring and timely updates in the face of evolving threats.

Also In Security Today

• BreachForums Data Leak: A significant data leak at BreachForums has compromised approximately 324,000 user accounts, exposing usernames, email addresses, and hashed passwords due to a security lapse during recovery operations from the .hn domain. Read more.

• Microsoft Patch Releases: Microsoft has released its January Patch Tuesday updates, addressing 114 vulnerabilities, including several critical remote code execution flaws. Notably, three zero-day vulnerabilities have been fixed, emphasizing the importance of timely patch management. Read more.

• Ransomware Threats: Recent reports indicate a surge in ransomware attacks targeting healthcare organizations, with threat actors employing double extortion tactics. Security teams are urged to enhance their defenses and response strategies. Read more.