#531: Critical 10/10 n8n Vulnerability EXPLOITED

January 19
34 mins

Episode Description

Security researchers Dor Attias and Ofek Itach demonstrate a critical CVSS 10.0 n8n vulnerability (CVE-2026-21858). Watch the full RCE exploit demo using type confusion to bypass authentication and read sensitive local files.

// Dor Attias SOCIAL //
LinkedIn: / dor-attias-740758155

// Ofek Itach SOCIAL //
LinkedIn: / ofek-it

// N8N Hack Blog
https://www.cyera.com/research-labs/n...

// Cyera Blog //
https://www.cyera.com/blog

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 - Coming up
0:56 - n8n vulnerability explained
02:33 - n8n hacking demo // How the vulnerability works
09:13 - How bad is it?
11:51 - Vulnerability summary
13:28 - More explained on Cyera blog // Webhooks
16:59 - Webhooks explained
18:09 - Formidable
19:18 - Formidable explained
20:01 - Handling uploaded files in n8n
22:32 - The form webhook node
24:28 - How to exploit
25:54 - Exploit summary
26:46 - How to mitigate
27:37 - How to become a security researcher
32:36 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.