Have all self hosted users of N8N updated yet for CVE-2026-21858, known as Ni8mare?

🔥

CVE-2026-21858, known as Ni8mare, is a critical vulnerability affecting self-hosted n8n instances running versions earlier than 1.121.0. It is a CVE 10 the highest severity.

Under certain conditions, security researchers found it can allow unauthenticated attackers to access sensitive data and potentially take control of the server.

The vulnerability was reported to n8n by security researchers on November 9, 2025, and publicly disclosed on January 7, 2026, a gap of about 59 days which is roughly 8.5 weeks.

As of January 14, 2026, multiple independent scans and threat intelligence sources report that tens of thousands of self-hosted n8n instances exposed on the public internet remain vulnerable to CVE-2026-21858:

• Nearly 60,000 n8n instances are still exposed online and unpatched against Ni8mare according to recent scanning data (mid January 2026)

• Internet security watchdog Shadowserver observed about 105,753 unpatched n8n instances exposed, with 59,558 still accessible at the latest count, including hosts in the U.S. and Europe.(mid January 2026)

• Other tracking (e.g., Censys datasets) lists around 26,512 reachable vulnerable hosts as part of ongoing exposure measurements. (mid January 2026)

In summary, depending on the scanning source and methodology, multiple tens of thousands (on the order of ~26,000 to ~60,000+) of self-hosted n8n accounts/instances remain exposed and at risk if they have not been updated to version 1.121.0 or later.

(mid January 2026)

If you haven’t heard of this yet, here’s the source list for you to check:

Cyera Research Labs

n8n Official Security Advisory (GitHub Security Advisory for CVE-2026-21858)

The Hacker News

SecurityWeek

BleepingComputer

Censys

Shadowserver Foundation

Security Affairs

CSO Online

NIST National Vulnerability Database (NVD)