41 matches found
CVE-2026-33660
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
Arbitrary Code Injection
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's Combine by SQL mode. An authenticated user with permissions to create or modify workflows can execute arbitrary code and access sensitive files on the...
EUVD-2026-15942
n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode...
GHSA-58QR-RCGV-642V n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...
n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...
CVE-2026-33660
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
CVE-2026-33660
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
CVE-2026-33660
The CVE-2026-33660 issue affects n8n, an open source workflow automation platform. Before versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user who can create/modify workflows could use the Merge node in Combine by SQL mode to read local host files and achieve remote code execution. The Al...
CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
n8n 代码注入漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...
PT-2026-28074
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.14.1 n8n versions prior to 2.13.3 n8n versions prior to 1.123.26 Description n8n is a workflow automation platform. A user authenticated with permissions to create or modify workflows could leverage the "Combine by SQL"...
Vulnerability fixed in n8n Automation Platform
N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...
CVE-2026-27497
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...
CVE-2026-27497
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...
CVE-2026-27497
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...
CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...
CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...
CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...