Week 2 – Wake up from this “Ni8mare”

5 – 11 Jan 2026

A new year, the same mission: raising awareness of critical vulnerabilities. Our CVE of the Week series continues in 2026 to help you stay ahead of emerging security risks. Let’s get started.

Our first choice in 2026 is a vulnerability in the n8n automation platform, where potential attackers can access files on the underlying server through the execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker.

The software became popular over the last year: it has over 100 million Docker pulls, with 100,000 servers potentially exposed, according to Cyera Research Labs.

Because n8n plays a key role in enterprise automation – integrating with Google Drive, Salesforce, OpenAI, CI/CD pipelines, payment processors, and more – the impact of a compromised server could be massive, the vendor warns.

The vulnerability, nicknamed “Ni8mare”, carries a critical CVSS score of 10.0, underlining the urgency of patching affected versions.

Affected versions are those between version 1.65.0 and 1.121.0. The issue is fixed in version 1.121.0.

We highly recommend updating the platform as soon as possible.
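To find which instances need the update, the version range above can be checked against a deployment inventory. The following is an added example, not code from n8n or Cyera; it assumes 1.65.0 itself is affected and 1.121.0 (the fixed release) is not, and the hostnames and image references are constructed sample data.

```python
import re

# Range as stated in this post. Treating 1.65.0 as affected and 1.121.0
# (the fixed release) as not affected is an assumption of this example.
FIRST_AFFECTED = (1, 65, 0)
FIXED_IN = (1, 121, 0)

# Only plain x.y.z (optional leading "v") is accepted; anything else
# (latest, pre-release suffixes, digests) is reported for manual review.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def parse_version(ref):
    """Return (major, minor, patch) from '1.120.4' or an image ref, else None."""
    last = ref.strip().rsplit("/", 1)[-1]   # drop registry host and namespace
    if "@" in last:                          # digest-pinned: version not visible
        return None
    tag = last.rsplit(":", 1)[-1] if ":" in last else last
    m = _VERSION.match(tag)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(ref):
    """AFFECTED, NOT_AFFECTED, or UNKNOWN when no exact version can be read."""
    version = parse_version(ref)
    if version is None:
        return "UNKNOWN"
    if FIRST_AFFECTED <= version < FIXED_IN:
        return "AFFECTED"
    return "NOT_AFFECTED"

def triage(inventory):
    """Return (host, ref, status) rows, AFFECTED first, then UNKNOWN."""
    order = {"AFFECTED": 0, "UNKNOWN": 1, "NOT_AFFECTED": 2}
    rows = [(host, ref, classify(ref)) for host, ref in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))

# Constructed inventory: hostnames and references are sample data only.
SAMPLE_INVENTORY = {
    "automation-01.example": "n8nio/n8n:1.120.4",
    "automation-02.example": "n8nio/n8n:1.121.0",
    "lab-03.example": "n8nio/n8n:latest",
    "legacy-04.example": "v1.64.3",
    "ci-05.example": "registry.example:5000/n8nio/n8n:1.70.0",
}

if __name__ == "__main__":
    for host, ref, status in triage(SAMPLE_INVENTORY):
        print(f"{status:<13} {host:<24} {ref}")
```

Instances reported as UNKNOWN run a floating tag or a digest, so their real version has to be read from the running container before they can be ruled out.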

Official Cyera report: https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.