2 matches found
PT-2026-36907
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...
n8n has SQL Injection in Snowflake and MySQL Nodes
Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...