
Government Issues Alert on Critical Security Bug Hackers Use to Access Company Data
The government has issued a serious cybersecurity warning after identifying a critical software vulnerability that could allow hackers to gain full control of organizational systems. The National Computer Emergency Response Team (National CERT) has advised public and private sector organizations to take immediate action to secure their infrastructure against a severe flaw found in the open-source workflow automation platform n8n.
According to the advisory, the vulnerability is tracked as CVE-2026-21858 and has been assigned the maximum Common Vulnerability Scoring System (CVSS) score of 10.0. This rating indicates the highest level of severity, meaning the flaw can be exploited easily and has potentially devastating consequences for affected systems.
National CERT explained that the issue involves a remote code execution weakness that can be exploited by unauthenticated attackers. This means that hackers do not need valid login credentials to launch an attack. By exploiting the flaw, an attacker can execute arbitrary commands on the target system, effectively gaining complete administrative control remotely.
Cybersecurity experts warn that such vulnerabilities are especially dangerous for organizations that rely on automation tools like n8n to manage internal workflows, data transfers, and system integrations. Once compromised, attackers could access sensitive company data, disrupt business operations, deploy ransomware, or use the affected systems as a launchpad for further attacks across the network.
The advisory highlights that open-source platforms are increasingly targeted due to their widespread adoption and integration into critical business processes. While open-source tools offer flexibility and cost advantages, they also require consistent security monitoring and timely patch management to prevent exploitation.
National CERT has urged organizations using n8n to immediately assess their systems, apply available security updates, and restrict network exposure where possible. In cases where patches are not yet applied, organizations are advised to implement temporary mitigation measures such as limiting public access, enforcing strict firewall rules, and closely monitoring system logs for suspicious activity.
The warning comes amid a broader rise in cyberattacks targeting enterprises, government bodies, and service providers. Remote code execution flaws are particularly attractive to threat actors because they provide direct system access without requiring user interaction. Security analysts note that attackers often exploit such vulnerabilities within hours of public disclosure, making rapid response essential.
Officials stressed that cybersecurity is a shared responsibility and that delayed action could result in significant data breaches, financial losses, and reputational damage. Organizations handling sensitive customer or operational data face even greater risks if vulnerabilities remain unpatched.
The government has encouraged IT teams and system administrators to remain vigilant, follow official advisories, and strengthen their overall security posture. Regular vulnerability assessments, timely updates, and awareness of emerging threats are seen as critical steps in reducing exposure to high-impact cyber risks like CVE-2026-21858.








