■■■■■ CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare – Full Chain Exploit
Unauthenticated to Root RCE:
– LFI via Content-Type confusion
– Read /proc/self/environ to find HOME
– Steal encryption key + database
– Forge admin JWT token
– Expression injection sandbox bypass
– RCE as root
CVSS 10.0
https://github.com/Chocapikk/CVE-2026-21858