CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

RedhatCVE•added 2026/03/26 11:3 p.m.•2 views

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

9.4CVSS6.1AI score0.00951EPSS

Exploits0References1

Snyk•added 2026/03/25 9:7 p.m.•3 views

Arbitrary Code Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's Combine by SQL mode. An authenticated user with permissions to create or modify workflows can execute arbitrary code and access sensitive files on the...

9.4CVSS6.3AI score0.00951EPSS

Exploits0References2

EUVD•added 2026/03/25 9:7 p.m.•4 views

EUVD-2026-15942

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode...

9.4CVSS6AI score0.00951EPSS

Exploits0References2

OSV•added 2026/03/25 9:7 p.m.•2 views

GHSA-58QR-RCGV-642V n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...

9.9CVSS6.1AI score0.00951EPSS

Exploits0References3

Github Security Blog•added 2026/03/25 9:7 p.m.•6 views

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS6.1AI score0.00951EPSS

Exploits0References3Affected Software1

NVD•added 2026/03/25 6:16 p.m.•2 views

CVE-2026-33660

9.4CVSS0.00951EPSS

Exploits0References1

Vulnrichment•added 2026/03/25 5:9 p.m.•2 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS6.1AI score0.00951EPSS

Exploits0References1

ATTACKERKB•added 2026/03/25 5:9 p.m.•1 views

CVE-2026-33660

9.4CVSS6.1AI score0.00951EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/25 5:9 p.m.•19 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS0.00951EPSS

Exploits0References1

CVE•added 2026/03/25 5:9 p.m.•46 views

CVE-2026-33660

The CVE-2026-33660 issue affects n8n, an open source workflow automation platform. Before versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user who can create/modify workflows could use the Merge node in Combine by SQL mode to read local host files and achieve remote code execution. The Al...

9.4CVSS6.1AI score0.00951EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/25 5:9 p.m.•4 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

9.4CVSS6.1AI score0.00951EPSS

Exploits0References3

CNNVD•added 2026/03/25 12:0 a.m.•6 views

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...

9.4CVSS6.4AI score0.00951EPSS

Exploits0References2

Positive Technologies•added 2026/03/25 12:0 a.m.•6 views

PT-2026-28074

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.14.1 n8n versions prior to 2.13.3 n8n versions prior to 1.123.26 Description n8n is a workflow automation platform. A user authenticated with permissions to create or modify workflows could leverage the "Combine by SQL"...

9.9CVSS6.1AI score0.00951EPSS

Exploits0References11

NCSC•added 2026/03/04 2:3 p.m.•8 views

Vulnerability fixed in n8n Automation Platform

N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...

9.4CVSS6.4AI score0.00765EPSS

Exploits0References1

RedhatCVE•added 2026/02/26 10:34 p.m.•5 views

CVE-2026-27497

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...

9.4CVSS6.3AI score0.00765EPSS

Exploits0References1

NVD•added 2026/02/25 11:16 p.m.•7 views

CVE-2026-27497

9.4CVSS0.00765EPSS

Exploits0References4

ATTACKERKB•added 2026/02/25 10:16 p.m.•2 views

CVE-2026-27497

9.4CVSS6.3AI score0.00765EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/02/25 10:16 p.m.•6 views

CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node

9.4CVSS6.3AI score0.00765EPSS

Exploits0References4

CVE•added 2026/02/25 10:16 p.m.•27 views

CVE-2026-27497

CVE-2026-27497 is connected to the n8n advisory GHSA-WXX7-MCGF-J869, which documents a remote code execution risk in the Merge node when used in SQL query mode. An authenticated user with permission to create or modify workflows can cause arbitrary code execution and write files on the n8n server...

9.4CVSS6.3AI score0.00765EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/02/25 10:16 p.m.•22 views

CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node

9.4CVSS0.00765EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by