🛑 CRITICAL n8n BUG 🐛 Self-Hosters Please Read - 10/10 Security Risk
Hey friends! Hope everyone's 2026 is off to a fantastic start. Sorry for posting this across multiple communities but it is a 10/10 security risk.

A serious vulnerability (CVE-2026-21858) was publicly disclosed this week affecting all n8n versions before 1.121.0.

⚠️ What you need to know:
- Severity: CVSS 10.0 (this is the HIGHEST it can be!!)
- Risk: Unauthenticated remote code execution via webhook endpoints
- Impact: Attackers can access your n8n instance without credentials, read files, execute code, and pivot to any connected systems (databases, APIs, cloud storage, CRMs, etc.)

🔍 How it works:
The vulnerability exploits how n8n handles Content-Type headers on webhooks. By manipulating these headers, attackers can overwrite internal variables and escalate to full system compromise.

🛠️ What to do:
1. Check your version: Settings > About (or n8n --version)
2. If below 1.121.0: Update immediately
3. n8n Cloud users: You should already be patched, but verify

🔑 Why this matters:
n8n typically holds keys to your entire stack - API tokens, OAuth credentials, database connections. A compromised instance means a compromised everything it touches.

The fix has been available since November 18, 2025 but there has been a surge of articles published about this issue the last couple days. If you have an old n8n instance running, make sure you update the version!

Stay safe out there! 🙏

Article with more information here: https://www.theregister.com/2026/01/08/n8n_rce_bug/
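The version check from the "What to do" steps, scripted as an added example (not part of the original post and not n8n's own tooling). The function names `ver_lt` and `n8n_status` are hypothetical; the comparison is numeric per field, because a plain string comparison would wrongly rank 1.99.0 above 1.121.0.

```shell
#!/bin/sh
# Added example: classify an n8n version string against the fixed
# release named in the post. Helper names are hypothetical.

FIXED="1.121.0"   # first patched version, per the post

# ver_lt A B: succeeds when A < B, comparing major, minor, patch as integers.
ver_lt() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# n8n_status TEXT: prints VULNERABLE, PATCHED or UNKNOWN.
# Takes the first X.Y.Z found in TEXT; a "v" prefix or any suffix is ignored.
n8n_status() {
    v=$(printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    if [ -z "$v" ]; then
        echo UNKNOWN
    elif ver_lt "$v" "$FIXED"; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Check the local install when the n8n CLI is on PATH.
if command -v n8n >/dev/null 2>&1; then
    echo "local n8n: $(n8n_status "$(n8n --version 2>/dev/null)")"
fi
```

For container or remote installs, pass the version shown under Settings > About to `n8n_status` instead of relying on the local CLI.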