2 matches found
CVE-2026-33751
The CVE-2026-33751 vulnerability affects n8n's LDAP node where filter escape logic fails to escape metacharacters when user-controlled input is interpolated into LDAP search filters. This can allow manipulation of the LDAP search filter, potentially exposing unintended records or bypassing authen...
CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...