22 matches found

Github Security Blog
added 2026/03/25 9:7 p.m. | 5 views

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...

9.4 CVSS | 6.1 AI score | 0.00951 EPSS
Exploits 0 | References 3 | Affected Software 1

EUVD
added 2026/03/25 9:7 p.m. | 4 views

EUVD-2026-15942

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode...

9.4 CVSS | 6 AI score | 0.00951 EPSS
Exploits 0 | References 2

NVD
added 2026/03/25 6:16 p.m. | 1 views

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

9.4 CVSS | 0.00951 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/03/25 5:9 p.m. | 1 views

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

9.4 CVSS | 6.1 AI score | 0.00951 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/03/25 5:9 p.m. | 45 views

CVE-2026-33660

The CVE-2026-33660 issue affects n8n, an open source workflow automation platform. Before versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user who can create/modify workflows could use the Merge node in Combine by SQL mode to read local host files and achieve remote code execution. The Al...

9.4 CVSS | 6.1 AI score | 0.00951 EPSS
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2026/02/26 10:34 p.m. | 4 views

CVE-2026-27497

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...

9.4 CVSS | 6.3 AI score | 0.00765 EPSS
Exploits 0 | References 1

NVD
added 2026/02/25 11:16 p.m. | 7 views

CVE-2026-27497

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...

9.4 CVSS | 0.00765 EPSS
Exploits 0 | References 4

Cvelist
added 2026/02/25 10:16 p.m. | 21 views

CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...

9.4 CVSS | 0.00765 EPSS
Exploits 0 | References 4

CVE
added 2026/02/25 10:16 p.m. | 25 views

CVE-2026-27497

CVE-2026-27497 is connected to the n8n advisory GHSA-WXX7-MCGF-J869, which documents a remote code execution risk in the Merge node when used in SQL query mode. An authenticated user with permission to create or modify workflows can cause arbitrary code execution and write files on the n8n server...

9.4 CVSS | 6.3 AI score | 0.00765 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/02/25 9:23 p.m. | 3 views

GHSA-WXX7-MCGF-J869 n8n has Potential Remote Code Execution via Merge Node

Impact An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. Patches The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to...

9.9 CVSS | 6.4 AI score | 0.00765 EPSS
Exploits 0 | References 6

Positive Technologies
added 2026/02/25 12:0 a.m. | 4 views

PT-2026-22034

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description n8n is an open source workflow automation platform. An authenticated user with permission to create or modify workflows could leverage the Merg...

9.9 CVSS | 6.3 AI score | 0.00765 EPSS
Exploits 0 | References 18

Snyk
added 2026/02/04 7:39 p.m. | 4 views

Arbitrary File Upload

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Merge node's SQL Query mode. An attacker can write arbitrary files to the server's filesystem and potentially execute remote code by crafting malicious workflows. Note:...

9.9 CVSS | 6.5 AI score | 0.00664 EPSS
Exploits 0 | References 2

OSV
added 2026/02/04 7:39 p.m. | 6 views

GHSA-HV53-3329-VMRM n8n Merge Node has Arbitrary File Write leading to RCE

Impact A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. Patches The issue has been fixed in n8n version 2.4.0, 1.118.0...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 3

CVE
added 2026/02/04 4:47 p.m. | 11 views

CVE-2026-25056

n8n is affected by CVE-2026-25056 in the Merge node’s SQL Query mode. Prior to versions 1.118.0 and 2.4.0, authenticated users with permission to create or modify workflows could write arbitrary files to the n8n server filesystem, potentially enabling remote code execution. The vulnerability has ...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/02/04 4:47 p.m. | 31 views

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS | 0.00664 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/02/04 4:47 p.m. | 6 views

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/02/04 12:0 a.m. | 2 views

PT-2026-6438

Impact A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. Patches The issue has been fixed in n8n version 2.4.0, 1.118.0...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 4

0day.today
added 2018/05/29 12:0 a.m. | 28 views

Symfony 2.7.0 < 4.0.10 - Denial of Service Exploit

Exploit for php platform in category dos / poc The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An applicati...

7.4 AI score
Exploits 0

exploitpack
added 2018/05/26 12:0 a.m. | 14 views

Symfony 2.7.0 4.0.10 - Denial of Service

Symfony 2.7.0 4.0.10 - Denial of Service The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is...

7.3 AI score
Exploits 0

Exploit DB
added 2018/05/26 12:0 a.m. | 27 views

Symfony 2.7.0 < 4.0.10 - Denial of Service

The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is vulnerable when: - It is using...

7.4 AI score
Exploits 0