3 matches found
CVE-2026-59257
n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...
EUVD-2026-42269
n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...
CVE-2026-59257
This CVE affects n8n before 1.123.61 and 2.x before 2.27.4, specifically the legacy MySQL v1 node’s executeQuery operation. The root cause is that evaluated {{ ... }} expression values are substituted directly into the raw SQL string without parameterization, enabling SQL injection when a workflo...