
Max-severity flaws spotlight takeover risk in self-hosted n8n and Coolify


Published 2026-01-08 09:53 UTC · Updated 2026-01-08 21:25 UTC
Tags: vulnerability, cve, remote_code_execution, self_hosted, coolify, takeover_risk
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
4 top sources shown
Maximum-severity n8n flaw lets randos run your automation server
theregister_security · News · go.theregister.com · 2026-01-08 11:40 UTC
Overview

Multiple outlets flagged maximum-severity vulnerabilities affecting self-hosted platforms.

  • Score total: 1.49
  • Momentum 24h: 4
  • Posts: 4
  • Origins: 4
  • Source types: 1
  • Duplicate ratio: 0%
Why now
  • CVE-2026-21858 coverage and analysis landed across multiple outlets in the same 24h window.
  • Rapid7 notes the advisory publication timing and subsequent technical writeups/PoC activity.
  • Coolify’s disclosure adds a parallel high-severity signal for self-hosted operators.
Why it matters
  • Max-severity bugs in self-hosted platforms can translate into full server compromise.
  • Public technical analysis and PoCs can accelerate attacker interest and defender urgency.
  • Chained vulnerabilities can turn limited access into remote code execution scenarios.
LLM analysis
Topic mix: medium · Promo risk: low · Source quality: medium
Recurring claims
  • CVE-2026-21858 is described as a critical (CVSS 10) n8n issue that can enable takeover scenarios, including unauthenticated remote code execution in reporting.
  • Rapid7 describes CVE-2026-21858 as an unauthenticated file read that can lead to remote code execution in some cases when specific file-upload conditions exist, and notes additional authenticated n8n vulnerabilities that
  • Coolify is reported to have multiple critical-severity vulnerabilities that could result in authentication bypass and remote code execution on self-hosted instances.
How sources frame it
  • SecurityWeek: neutral
  • Rapid7: neutral
  • The Register: neutral
  • The Hacker News: neutral
Cluster mixes two products (n8n and Coolify). Narrative focuses on n8n; Coolify is noted as parallel self-hosted risk.
All evidence
Critical Vulnerability Exposes n8n Instances to Takeover Attacks
SecurityWeek · securityweek.com · 2026-01-08 13:11 UTC
Maximum-severity n8n flaw lets randos run your automation server
theregister_security · go.theregister.com · 2026-01-08 11:40 UTC
Posts loaded: 0 · Publishers: 4 · Origin domains: 4 · Duplicates: -
Top publishers (this list)
  • Rapid7 Blog (1)
  • SecurityWeek (1)
  • theregister_security (1)
  • The Hacker News (1)
Top origin domains (this list)
  • rapid7.com (1)
  • securityweek.com (1)
  • go.theregister.com (1)
  • thehackernews.com (1)