3 matches found
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-33660 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-33660 Source advisory: OSV:GHSA-58QR-RCGV-642V...
CVE-2026-33660
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...
CVE-2026-33660
The CVE-2026-33660 issue affects n8n, an open source workflow automation platform. Before versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user who can create/modify workflows could use the Merge node in Combine by SQL mode to read local host files and achieve remote code execution. The Al...