{"uuid": "9961f6f6-39e2-44eb-a733-4c86088d7ce0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21858", "type": "published-proof-of-concept", "source": "https://t.me/cKure/15856", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit\n\nUnauthenticated to Root RCE:\n- LFI via Content-Type confusion\n- Read /proc/self/environ to find HOME\n- Steal encryption key + database\n- Forge admin JWT token\n- Expression injection sandbox bypass\n- RCE as root\n\nCVSS 10.0\n\nhttps://github.com/Chocapikk/CVE-2026-21858", "creation_timestamp": "2026-01-08T19:06:31.000000Z"}