- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Critical n8n RCE Vulnerability (CVSS 10.0) Discovered: Urgent Upgrade Advised
Hackers could gain full control over n8n workflows, but a quick patch is available
Apr. 11, 2026 at 6:57pm
Got story updates? Submit your updates here. ›
A glowing digital landscape illustrates the vulnerability of the n8n workflow automation platform, as a critical security flaw threatens to expose the complex infrastructure powering countless organizations.NYC TodayA critical Remote Code Execution (RCE) vulnerability with a maximum CVSS severity score of 10.0 has been discovered in the popular open-source workflow automation platform n8n. The flaw, dubbed CVE-2026-21877, affects both self-hosted and cloud-based n8n deployments running versions 0.123.0 or higher, but below 1.121.3, potentially allowing attackers to execute malicious code and compromise affected systems.
Why it matters
This vulnerability poses a serious threat to n8n users, as it could grant hackers complete control over their workflow automation systems. The high severity score indicates the critical nature of this flaw, which affects a widely used open-source platform relied upon by many organizations for their daily operations.
The details
The vulnerability was discovered and responsibly disclosed by security researcher Théo Lelasseux (@theolelasseux). n8n quickly released version 1.121.3 in November 2025 to patch the issue. Until the update, the company recommends disabling the Git node and restricting access for untrusted users as a temporary mitigation measure.
- The vulnerability was discovered in late 2025.
- n8n released version 1.121.3 to address the flaw in November 2025.
The players
n8n
An open-source workflow automation platform used by many organizations for their daily operations.
Théo Lelasseux
A security researcher who discovered and responsibly disclosed the critical RCE vulnerability in n8n.
What they’re saying
“We must act swiftly to address this critical vulnerability and protect our systems from potential compromise.”
— Théo Lelasseux, Security Researcher
What’s next
The judge in the case will decide on Tuesday whether or not to allow Walker Reed Quinn out on bail.
The takeaway
This incident highlights the importance of vigilant maintenance and prompt updates for open-source software platforms like n8n, as they can be vulnerable to critical security flaws that could have far-reaching consequences if left unaddressed.
New York top stories
New York events
Apr. 12, 2026
Wicked
Apr. 12, 2026
Candy Crafting at Cricket's Candy Creations
Apr. 12, 2026
The Gazillion Bubble Show