Max severity Ni8mare flaw lets hackers hijack n8n servers

Related breach coverage

• Ni8mare flaw gives unauthenticated control of n8n instances
  2026-01-07

  A critical n8n flaw (CVE-2026-21858, CVSS 10.0), dubbed Ni8mare, allows unauthenticated attackers to fully take over vulnerable instances. Researchers uncovered a maximum severity n8n vulnerability, tracked as CVE-2026-21858 (CVSS score of 10.0). The flaw, dubbed Ni8mare by Cyera researchers who discovered the vulnerability, lets unauthenticated attackers fully compromise affected instances. n8n is a workflow automation […]

• Critical React, Next.js flaw lets hackers execute code on servers
  2025-12-04

  A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. [...]

• Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
  2026-03-22

  Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]

• Fresh MongoDB Vulnerability Exploited in Attacks
  2025-12-29

  Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek.