¡¾·ì϶¹«¸æ¡¿n8n Webhook ÒªÇó´¦Öò»µ±µ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄÎļþ½Ó¼û·ì϶(CVE-2026-21858)

°ä²¼¹¦·ò 2026-01-08

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

n8n Webhook ÒªÇó´¦Öò»µ±µ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄÎļþ½Ó¼û·ì϶

CVE   ID

CVE-2026-21858

·ì϶ÀàÐÍ

Éí·ÝÑé֤ȱʧ

·¢ÏÖ¹¦·ò

2026-1-8

·ì϶ÆÀ·Ö

10

·ì϶µÈ¼¶

ÑϳÁ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


n8nÊÇÒ»¸ö¿ªÔ´µÄ¹¤×÷Á÷×Ô¶¯»¯¹¤¾ß£¬Ö¼ÔÚÔ®ÊÖÓû§Í¨¹ýͼÐλ¯½çÃæÉè¼ÆºÍ×Ô¶¯»¯¸÷À๤×÷¡£ËüÖ§³Ö¶àÖÖ¼¯³É·½Ê½£¬Äܹ»Óë¶à¶àµÚÈý·½·þÎñºÍÀûÓýøÐÐÏνÓ£¬ÀýÈçÊý¾Ý¿â¡¢API¡¢ÔÆ·þÎñµÈ¡£n8nÌṩ·á˶µÄ½ÚµãºÍ´¥·¢Æ÷£¬Óû§Äܹ»Í¨¹ýÅäÖù¤×÷Á÷À´ÊµÏÖÊý¾Ý´¦Öᢹ¤×÷µ÷¶È¡¢ÏµÍ³¼¯³ÉµÈÖ°ÄÜ¡£Æä¿ÉÀ©´óÐÔÇ¿£¬Ö§³Ö×Ô½ç˵½Úµã£¬ºÏÓÃÓÚ¿ª·¢ÕßºÍÆóÒµÓû§£¬Ô®ÊÖÌá¸ß¹¤×÷ЧÄܺÍ×Ô¶¯»¯Ë®Æ½¡£


2026Äê1ÔÂ8ÈÕ£¬mansion88Ã÷Éý¼¯ÍÅVSRC¼à²âµ½n8nÖдæÔÚÒ»¸öδ¾­Éí·ÝÑéÖ¤µÄÎļþ½Ó¼û·ì϶£¬¹¥»÷Õßͨ¹ýÌØ¶¨µÄ±íµ¥¹¤×÷Á÷ÒªÇóÄܹ»½Ó¼û·þÎñÆ÷ÉϵÄÃô¸ÐÎļþ¡£¸Ã·ì϶Óɲ»µ±µÄwebhookÒªÇó´¦ÖÃÒýÆð£¬¹¥»÷ÕßÀûÓÃÕâÒ»·ì϶¿ÉÄÜÔÚûÓÐÉí·ÝÑéÖ¤µÄÇé¿öÏ£¬Ô¶³Ì½Ó¼ûÎļþ£¬½ø¶øµ¼ÖÂÃô¸ÐÐÅϢй¶¡£·ì϶µÄÑϳÁÐÔÈ¡¾öÓÚ²¿ÊðÅäÖúÍʹÓõŤ×÷Á÷¡£ÔÚijЩÇé¿öÏ£¬¹¥»÷Õß¿ÉÄܽøÒ»²½ÀûÓô˷ì϶¶Ôϵͳ½øÐиüÉîµµ´ÎµÄÈëÇÖ¡£·ì϶ÆÀ·Ö10·Ö£¬·ì϶¼¶±ðÑϳÁ¡£


¶þ¡¢Ó°ÏìÁìÓò


n8n <= 1.65.0


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


¹Ù·½ÒѰ䲼½¨¸´²¹¶¡£¬ÒÔ½¨¸´¸Ã·ì϶¡£
n8n >= 1.121.0


ÏÂÔØÁ´½Ó£ºhttps://github.com/n8n-io/n8n/releases/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858/
https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg