Islamabad:
Pakistan’s cyber authorities have issued a high-severity warning after identifying a critical security flaw that could allow hackers to gain full access to company systems, raising fresh concerns over the resilience of the country’s rapidly expanding digital ecosystem.
The National Computer Emergency Response Team (National CERT) said the vulnerability affects n8n, an open-source workflow automation platform increasingly used by technology firms, startups and enterprises to streamline digital operations.
Tracked as CVE-2026-21858, the flaw carries a CVSS score of 10.0, the highest possible rating. CERT said the weakness allows unauthenticated remote code execution, enabling attackers to take complete control of affected servers without any user interaction.
According to the advisory, the issue stems from poor input validation and weak authorisation controls in exposed components of the platform, making exploitation “easy and highly dangerous” for organisations running unpatched systems.
Digital Pakistan at risk
As Pakistan pushes ahead with digitalisation across business, governance and fintech, officials warned that such vulnerabilities could undermine trust in automation-driven platforms critical to productivity and innovation.
CERT said a successful attack could allow hackers to:
- Execute malicious code remotely
- Manipulate or delete automated workflows
- Steal sensitive credentials, including API keys and access tokens
- Exfiltrate confidential business and customer data
Compromised systems could also be used to move laterally across connected networks, posing supply-chain risks for partners and downstream digital services.
Pattern of sustained cyber threats
The latest alert follows multiple critical flaws reported in n8n over the past two weeks, including CVE-2025-60613, CVE-2025-68613 and CVE-2026-21877, indicating what CERT described as sustained attacker interest in workflow automation tools.
Versions below 1.121.0 are confirmed to be vulnerable, while some deployments up to version 1.121.3 may also remain exposed if not properly secured.
Emergency patching urged
National CERT urged organisations to treat the issue as an emergency, advising immediate upgrades to n8n version 1.121.0 or later, with 1.121.3 recommended. Additional steps include rotating credentials, reviewing system logs, limiting network exposure and strengthening continuous monitoring.
Impact on Pakistan’s digital journey
Cybersecurity experts say the advisory highlights both the promise and the risk of Pakistan’s digital push. While automation platforms are key to improving efficiency and scaling digital services, weak security practices could slow adoption and expose businesses to serious financial and reputational damage.
Officials stressed that proactive cyber hygiene, timely patching and stronger security governance are essential if Pakistan is to secure its digital future and sustain confidence in its growing technology-driven economy.
