{"uuid": "287a63b5-0bbe-4b15-b8ee-e4b05a0b9be3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21858", "type": "seen", "source": "https://t.me/brutsecurity/2443", "content": "CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit\n\nUnauthenticated to Root RCE:\n- LFI via Content-Type confusion\n- Read /proc/self/environ to find HOME\n- Steal encryption key + database\n- Forge admin JWT token\n- Expression injection sandbox bypass\n- RCE as root\n\nCVSS 10.0\n\nhttps://github.com/Chocapikk/CVE-2026-21858", "creation_timestamp": "2026-07-10T00:00:13.473969Z"}