Lucene search
K

4 matches found

NVD
NVD
added yesterday6 views

CVE-2026-59257

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

8.8CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:39 p.m.3 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 6:39 p.m.5 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 9:3 p.m.4 views

GHSA-HP3C-VFPM-Q4F7 n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

8.2CVSS5.8AI score0.00254EPSS
Exploits0References4
Rows per page
Query Builder