{"id":734405,"date":"2026-01-19T17:03:11","date_gmt":"2026-01-19T16:03:11","guid":{"rendered":"https:\/\/www.stormshield.com\/?p=734405"},"modified":"2026-01-19T17:03:11","modified_gmt":"2026-01-19T16:03:11","slug":"alerte-securite-cve-2026-21858","status":"publish","type":"post","link":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/","title":{"rendered":"Alerte de s\u00e9curit\u00e9 CVE-2026-21858 : la r\u00e9ponse des produits Stormshield"},"content":{"rendered":"

Une vuln\u00e9rabilit\u00e9 critique impactant la plateforme d\u2019automatisation de workflow n8n et identifi\u00e9e par la r\u00e9f\u00e9rence CVE-2026-21858, a \u00e9t\u00e9 publi\u00e9e le 07 janvier 2026. Elle obtient un score CVSS v3.1 de 10,0. <\/strong><\/p>\n

Il convient de porter une attention particuli\u00e8re \u00e0 CVE-2026-21858<\/a>, car des preuves de concept sont disponibles publiquement.<\/p>\n

 <\/p>\n

Le vecteur initial de la vuln\u00e9rabilit\u00e9 n8n<\/h2>\n

La vuln\u00e9rabilit\u00e9 CVE-2026-21858 permet \u00e0 un attaquant non-authentifi\u00e9 une lecture arbitraire de fichiers stock\u00e9s sur la plateforme<\/strong>, ce qui peut mener jusqu\u2019\u00e0 l\u2019usurpation d\u2019une session administrateur.<\/p>\n

 <\/p>\n

Les d\u00e9tails techniques de la vuln\u00e9rabilit\u00e9 n8n<\/h2>\n

La gestion du t\u00e9l\u00e9versement de fichier via requ\u00eate HTTP ne v\u00e9rifie pas la valeur de l\u2019ent\u00eate \u00ab\u00a0Content-Type<\/em>\u00a0\u00bb<\/code>. Un acteur malveillant peut ainsi manipuler le comportement d\u2019un transfert de fichier pour forcer la plateforme \u00e0 lire des fichiers internes contenant des informations sensibles. L\u2019acteur n\u2019a plus qu\u2019a formuler une requ\u00eate \u00e0 l\u2019agent AI de la plateforme sur le contenu de ces fichiers pour en extraire les secrets.<\/p>\n

 <\/p>\n

La mod\u00e9lisation de l'attaque avec MITRE ATT&CK<\/h2>\n
    \n
  • T1190\u00a0: Exploit Public-Facing Application<\/li>\n<\/ul>\n

     <\/p>\n

    Les moyens de protections avec Stormshield Network Security face \u00e0 la vuln\u00e9rabilit\u00e9 n8n<\/h2>\n

    Protection face \u00e0 la CVE-2026-21858<\/h3>\n

    Les firewalls Stormshield Network Security (SNS) d\u00e9tectent et bloquent par d\u00e9faut l\u2019exploitation de la CVE-2026-21858 via son alarme :<\/p>\n

      \n
    • http:mix.364 = Web\u00a0: Possible exploitation of a Content-Type confusion in an n8n platform (CVE-2026-21858)<\/li>\n<\/ul>\n\n\n\n
      \"\"<\/p>\n

      Indice de confiance de la protection propos\u00e9e par Stormshield<\/em><\/td>\n

      		\n

      \"\"<\/p>\n

      Indice de confiance de l\u2019absence de faux positif<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

      Recommandations face \u00e0 la vuln\u00e9rabilit\u00e9 n8n<\/h3>\n

      Il est ainsi fortement recommand\u00e9 de mettre \u00e0 jour votre logiciel n8n \u00e0 la version 1.121.0 ou sup\u00e9rieure.<\/p>\n","protected":false},"excerpt":{"rendered":"

      Une vuln\u00e9rabilit\u00e9 critique impactant la plateforme d\u2019automatisation de workflow n8n et identifi\u00e9e par la r\u00e9f\u00e9rence CVE-2026-21858, a \u00e9t\u00e9 publi\u00e9e le 07 janvier 2026. Elle obtient un score CVSS v3.1 de 10,0. Il convient de porter une attention particuli\u00e8re \u00e0 CVE-2026-21858, car des preuves de concept…<\/p>\n","protected":false},"author":83,"featured_media":190179,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1503],"tags":[4368],"business_size":[],"industry":[],"help_mefind":[],"features":[],"type_security":[],"maintenance":[],"offer":[],"administration_tools":[],"cloud_offers":[],"listing_product":[],"class_list":["post-734405","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alertes","tag-la-cybersecurite-par-stormshield"],"acf":[],"yoast_head":"\nVuln\u00e9rabilit\u00e9 Workflow n8n | CVE-2026-21858<\/title>\n<meta name=\"description\" content=\"Alerte de s\u00e9curit\u00e9 sur la plateforme d\u2019automatisation de workflow n8n et moyens de protection Stormshield face \u00e0 la CVE-2026-21858.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vuln\u00e9rabilit\u00e9 Workflow n8n | CVE-2026-21858\" \/>\n<meta property=\"og:description\" content=\"Alerte de s\u00e9curit\u00e9 sur la plateforme d\u2019automatisation de workflow n8n et moyens de protection Stormshield face \u00e0 la CVE-2026-21858.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\" \/>\n<meta property=\"og:site_name\" content=\"Stormshield\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-19T16:03:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1422\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stormshield Customer Security Lab\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Stormshield\" \/>\n<meta name=\"twitter:site\" content=\"@Stormshield\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stormshield Customer Security Lab\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\"},\"author\":{\"name\":\"Stormshield Customer Security Lab\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\"},\"headline\":\"Alerte de s\u00e9curit\u00e9 CVE-2026-21858 : la r\u00e9ponse des produits Stormshield\",\"datePublished\":\"2026-01-19T16:03:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\"},\"wordCount\":309,\"image\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"keywords\":[\"La cybers\u00e9curit\u00e9 - par Stormshield\"],\"articleSection\":[\"Alertes\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\",\"url\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\",\"name\":\"Vuln\u00e9rabilit\u00e9 Workflow n8n | CVE-2026-21858\",\"isPartOf\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"datePublished\":\"2026-01-19T16:03:11+00:00\",\"author\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\"},\"description\":\"Alerte de s\u00e9curit\u00e9 sur la plateforme d\u2019automatisation de workflow n8n et moyens de protection Stormshield face \u00e0 la CVE-2026-21858.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage\",\"url\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"contentUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"width\":2560,\"height\":1422},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stormshield.com\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Alerte de s\u00e9curit\u00e9 CVE-2026-21858 : la r\u00e9ponse des produits Stormshield\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#website\",\"url\":\"https:\/\/www.stormshield.com\/fr\/\",\"name\":\"Stormshield\",\"description\":\"Stormshield\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stormshield.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\",\"name\":\"Stormshield Customer Security Lab\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g\",\"caption\":\"Stormshield Customer Security Lab\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vuln\u00e9rabilit\u00e9 Workflow n8n | CVE-2026-21858","description":"Alerte de s\u00e9curit\u00e9 sur la plateforme d\u2019automatisation de workflow n8n et moyens de protection Stormshield face \u00e0 la CVE-2026-21858.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/","og_locale":"fr_FR","og_type":"article","og_title":"Vuln\u00e9rabilit\u00e9 Workflow n8n | CVE-2026-21858","og_description":"Alerte de s\u00e9curit\u00e9 sur la plateforme d\u2019automatisation de workflow n8n et moyens de protection Stormshield face \u00e0 la CVE-2026-21858.","og_url":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/","og_site_name":"Stormshield","article_published_time":"2026-01-19T16:03:11+00:00","og_image":[{"width":2560,"height":1422,"url":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","type":"image\/jpeg"}],"author":"Stormshield Customer Security Lab","twitter_card":"summary_large_image","twitter_creator":"@Stormshield","twitter_site":"@Stormshield","twitter_misc":{"\u00c9crit par":"Stormshield Customer Security Lab","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#article","isPartOf":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/"},"author":{"name":"Stormshield Customer Security Lab","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249"},"headline":"Alerte de s\u00e9curit\u00e9 CVE-2026-21858 : la r\u00e9ponse des produits Stormshield","datePublished":"2026-01-19T16:03:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/"},"wordCount":309,"image":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","keywords":["La cybers\u00e9curit\u00e9 - par Stormshield"],"articleSection":["Alertes"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/","url":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/","name":"Vuln\u00e9rabilit\u00e9 Workflow n8n | CVE-2026-21858","isPartOf":{"@id":"https:\/\/www.stormshield.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage"},"image":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","datePublished":"2026-01-19T16:03:11+00:00","author":{"@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249"},"description":"Alerte de s\u00e9curit\u00e9 sur la plateforme d\u2019automatisation de workflow n8n et moyens de protection Stormshield face \u00e0 la CVE-2026-21858.","breadcrumb":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#primaryimage","url":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","contentUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","width":2560,"height":1422},{"@type":"BreadcrumbList","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-cve-2026-21858\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stormshield.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Alerte de s\u00e9curit\u00e9 CVE-2026-21858 : la r\u00e9ponse des produits Stormshield"}]},{"@type":"WebSite","@id":"https:\/\/www.stormshield.com\/fr\/#website","url":"https:\/\/www.stormshield.com\/fr\/","name":"Stormshield","description":"Stormshield","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stormshield.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249","name":"Stormshield Customer Security Lab","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g","caption":"Stormshield Customer Security Lab"}}]}},"_links":{"self":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/734405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/comments?post=734405"}],"version-history":[{"count":2,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/734405\/revisions"}],"predecessor-version":[{"id":734407,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/734405\/revisions\/734407"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/media\/190179"}],"wp:attachment":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/media?parent=734405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/categories?post=734405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/tags?post=734405"},{"taxonomy":"business_size","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/business_size?post=734405"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/industry?post=734405"},{"taxonomy":"help_mefind","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/help_mefind?post=734405"},{"taxonomy":"features","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/features?post=734405"},{"taxonomy":"type_security","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/type_security?post=734405"},{"taxonomy":"maintenance","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/maintenance?post=734405"},{"taxonomy":"offer","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/offer?post=734405"},{"taxonomy":"administration_tools","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/administration_tools?post=734405"},{"taxonomy":"cloud_offers","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/cloud_offers?post=734405"},{"taxonomy":"listing_product","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/listing_product?post=734405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}