CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

CVE-2026-54311

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

6CVSS0.00057EPSS

Exploits0References1

Cvelist•added 5 hours ago•5 views

CVE-2026-54311 n8n: Merge Node SQL Mode Prototype Pollution

6CVSS0.00057EPSS

Exploits0References1

CVE•added 5 hours ago•11 views

CVE-2026-54311

CVE-2026-54311 affects the n8n open-source workflow automation platform, specifically its Merge node in SQL Query mode. The issue allows an authenticated user with workflow creation/modification permissions to pollute the sandbox context, which is cached and reused across all workflow executions....

6CVSS6AI score0.00057EPSS

Exploits0References1

EUVD•added 5 hours ago•4 views

EUVD-2026-38471

6CVSS6AI score0.00057EPSS

Exploits0References1

Github Security Blog•added 2026/06/16 7:1 p.m.•6 views

n8n: Merge Node SQL Mode Prototype Pollution

Impact An authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow...

6CVSS5.8AI score0.00057EPSS

Exploits0References2Affected Software1

Patchstack•added 2026/06/16 7:1 p.m.•3 views

NPM: n8n: Merge Node SQL Mode Prototype Pollution

NPM: n8n: Merge Node SQL Mode Prototype Pollution vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

6CVSS5.9AI score0.00057EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/16 12:0 a.m.•10 views

PT-2026-50177

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can pollute the sandbox used by the Merge node's SQL Query mode. Since the sandbox context is cached and...

6.3CVSS6AI score0.00057EPSS

Exploits0References4

RedhatCVE•added 2026/03/26 11:3 p.m.•2 views

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

9.4CVSS6.1AI score0.00951EPSS

Exploits0References1

Snyk•added 2026/03/25 9:7 p.m.•3 views

Arbitrary Code Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's Combine by SQL mode. An authenticated user with permissions to create or modify workflows can execute arbitrary code and access sensitive files on the...

9.4CVSS6.3AI score0.00951EPSS

Exploits0References2

EUVD•added 2026/03/25 9:7 p.m.•4 views

EUVD-2026-15942

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode...

9.4CVSS6AI score0.00951EPSS

Exploits0References2

Github Security Blog•added 2026/03/25 9:7 p.m.•6 views

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...

9.4CVSS6.1AI score0.00951EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/25 9:7 p.m.•2 views

GHSA-58QR-RCGV-642V n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.9CVSS6.1AI score0.00951EPSS

Exploits0References3

NVD•added 2026/03/25 6:16 p.m.•2 views

CVE-2026-33660

9.4CVSS0.00951EPSS

Exploits0References1

Vulnrichment•added 2026/03/25 5:9 p.m.•2 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS6.1AI score0.00951EPSS

Exploits0References1

ATTACKERKB•added 2026/03/25 5:9 p.m.•1 views

CVE-2026-33660

9.4CVSS6.1AI score0.00951EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/25 5:9 p.m.•19 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS0.00951EPSS

Exploits0References1

CVE•added 2026/03/25 5:9 p.m.•49 views

CVE-2026-33660

The CVE-2026-33660 issue affects n8n, an open source workflow automation platform. Before versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user who can create/modify workflows could use the Merge node in Combine by SQL mode to read local host files and achieve remote code execution. The Al...

9.4CVSS6.1AI score0.00951EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/25 5:9 p.m.•4 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS6.1AI score0.00951EPSS

Exploits0References3

CNNVD•added 2026/03/25 12:0 a.m.•6 views

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...

9.4CVSS6.4AI score0.00951EPSS

Exploits0References2

Positive Technologies•added 2026/03/25 12:0 a.m.•6 views

PT-2026-28074

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.14.1 n8n versions prior to 2.13.3 n8n versions prior to 1.123.26 Description n8n is a workflow automation platform. A user authenticated with permissions to create or modify workflows could leverage the "Combine by SQL"...

9.9CVSS6.1AI score0.00951EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by