Hacking n8n: Zero-Auth to Full ADMIN Demo // TRAIN BRAIN

Hacking n8n: Zero-Auth to Full ADMIN Demo

Security researchers Dor Attias and Ofek Itach demonstrate a critical CVSS 10.0 n8n vulnerability (CVE-2026-21858). Watch the full RCE exploit demo using type confusion to bypass authentication and read sensitive local files.
// Dor Attias SOCIAL //
LinkedIn: https://www.linkedin.com/in/dor-attias-740758155/
// Ofek Itach SOCIAL //
LinkedIn: https://www.linkedin.com/in/ofek-it/
// N8N Hack Blog
https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
// Cyera Blog //
https://www.cyera.com/blog
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud: https://soundcloud.com/davidbombal
Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - Coming up
0:56 - n8n vulnerability explained
02:33 - n8n hacking demo // How the vulnerability works
09:13 - How bad is it?
11:51 - Vulnerability summary
13:28 - More explained on Cyera blog // Webhooks
16:59 - Webhooks explained
18:09 - Formidable
19:18 - Formidable explained
20:01 - Handling uploaded files in n8n
22:32 - The form webhook node
24:28 - How to exploit
25:54 - Exploit summary
26:46 - How to mitigate
27:37 - How to become a security researcher
32:36 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#n8n #ni8mare #rce

David Bombal

Want to learn about IT? Want to get ahead in your career? Well, this is the right place! On this channel, I discuss Linux, Python, Ethical Hacking, Networking, CCNA, Virtualization and other IT related topics. This YouTube channel has new videos upload...

The Best Linux Distro For Windows Users: Zorin OS 18

Google Easter Eggs Part 1: Pac-Man and friends

Darknet Bible: The Ultimate OpSec Guide

DELETE These 17 Extensions

Find HIDDEN Files on Google

GM Caught selling your Data

Stop Microsoft Forcing Online Accounts on Windows 11

AI is Killing Cheap PCs

Your Headphones Can SPY

Microsoft Copilot 1-Click HACK

Top 13 Hacking Tools for 2026 (ft. OTW)

India’s Privacy NIGHTMARE

Cybersecurity 2026 WARNING: AI Makes Every System Riskier

900k Users Hacked by Chrome Extension

Elon Musk WARNS Apple

Hacking n8n: Zero-Auth to Full ADMIN Demo

The ls command in 180 seconds

Cybersecurity predictions for 2026. Do you agree?

AI Bubble? Why the Hype Dies but Machine Learning Stays

Google Dorking (Hacking) Part 1: Do you use this one?

Linux Directories in 180s

Invisible AI Data Theft EXPOSED

30 Terabit Attack WARNING

Top 10 Hacking Agentic AI Applications (Real World Hacks)

They banned the Flipper Zero and Raspberry PI again! (Do you agree with this?)

2026 Cybersecurity roadmap: Your path to success with a Master Hacker

What are you going to do in 2026? Tops 5 skills to get!

630 million Hacked more passwords submitted by FBI

Don’t Buy Smart Home Devices?

Why social media bans FAIL

Docker Just Changed GenAI Development Forever

Don't click on these links?

WARNING: 8 million devices affected by Browser Extension

WARNING: AI is a HIGH security risk

UK Banning VPNs?

Update Now!

Kali Linux 2025.4 released! What changed?

WARNING: 4.3 million devices infected with Browser Extension Malware

Is AI code a Security Crisis?

Stop Buying Smart Devices

AI Agent WIPED His Entire Drive

Stop 750 Data Brokers NOW

$600 Smart Toilet Spies on You

Firefox Just Killed Browser Fingerprinting (2025)

Down again! Were you affected?

AI Bear Goes ROGUE

Your Network Isn't READY for AI Agents

Don't Scan That QR Code

Your PC is Watching: Windows Recall & AI Spying EXPOSED

AI Attacking AI: Shadow Ray 2.0

Stop Using Windows: Get Zorin OS

7.6 Million Users Still Rely on This ONE Weak PASSWORD

Black Friday Bot Attack WARNING

Linux Desktop Hits 6% Usage

Your Data Is Being SOLD

Why Cisco Built This AI Device

Quantum Teleportation is REAL

The Cisco AI Pod Explained

Is Your VPN Safe? The Distributed Quantum Threat IS HERE

Your Phone Number Was LEAKED (if you use WhatsApp)

Why We Are MASSIVELY Underestimating AI Infrastructure Demand

Cloudflare Outage 2025 EXPLAINED

90% of a Cyber Attack was AI POWERED

Azure Hit by 3.64B Packet Flood

Hate Shorts? DO THIS

Microsoft’s Huge AI MISTAKE

Apple's Digital ID is a WARNING

Unlock local AI with this new hardware.

The EU's secret plan for your texts

They’ve started banning VPNs now!

How Firefox Will Stop Tracking

Why Governments Are Fleeing Microsoft

The "Bugatti" of Wi-Fi 7 Access Points

Cisco’s INSANE Liquid Switch

AI privacy NIGHTMARE

Is Your Password on This LIST?

AI Agents: The Future of IT Jobs?

Louvre's Password Was WHAT?

Why 3 Countries FEAR These Buses

Why Your Word Docs Aren't Safe