{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33660", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T15:23:42.219Z", "datePublished": "2026-03-25T17:09:09.528Z", "dateUpdated": "2026-03-25T17:09:09.528Z"}, "containers": {"cna": {"title": "n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v"}], "affected": [{"vendor": "n8n-io", "product": "n8n", "versions": [{"version": "< 1.123.27", "status": "affected"}, {"version": ">= 2.0.0-rc.0, < 2.13.3", "status": "affected"}, {"version": "= 2.14.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T17:09:09.528Z"}, "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's \"Combine by SQL\" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}], "source": {"advisory": "GHSA-58qr-rcgv-642v", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's \"Combine by SQL\" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}], "id": "CVE-2026-33660", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-25T18:16:32.080", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.123.27)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0-rc.0,2.13.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.14.0"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 82.0, "source": "matching"}]}, "original": {"product": "n8n", "source": "cna", "vendor": "n8n-io"}, "product": "n8n", "vendor": "n8n"}], "analysis": {"en": {"generated_at": "2026-03-25T19:43:13.681156+00:00", "value": {"mitigation_remediation": ["Upgrade the n8n platform to version 2.14.1, 2.13.3, or 1.123.26 or later.", "If an upgrade is not feasible immediately, limit workflow creation and editing rights to trusted users only, and/or disable the Merge node by setting the NODES_EXCLUDE environment variable to include n8n-nodes-base.merge."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all n8n-io installations that run versions older than 2.14.1, 2.13.3, or 1.123.26. Users and administrators of these legacy releases are directly impacted; newer releases are not affected.", "description_and_impact": "Under the Merge node\u2019s \"Combine by SQL\" mode in n8n, the insecure AlaSQL sandbox allowed an authenticated user with workflow modification rights to execute arbitrary SQL that read local files or invoked system commands. This flaw is a classic SQL injection that bypasses sandbox restrictions, giving the attacker read and exec capabilities on the host. The effect is remote code execution, enabling full compromise of the n8n instance and potentially the underlying operating system.", "risk_and_exploitability": "With a CVSS base score of 9.4 the flaw is rated critical. No EPSS score is available, and the vulnerability is not listed as a known exploited vulnerability by CISA, but the high severity and requirement for authenticated access suggest that exploitation is plausible in environments with permissive workflow permissions. The most likely attack path is an attacker who gains the right to create or edit workflows, then crafts a malicious Merge node that reads server files or runs commands. Prompt remediation via a patch or temporary restriction of permissions is essential."}}}}, "created": "2026-03-25T21:46:37.209353+00:00", "updated": "2026-03-26T11:34:21.205944+00:00", "vendors": ["n8n", "n8n$PRODUCT$n8n"]}