n8n SQL-injection vulnerability, CVSS 8.8
Summary
CERT-Bund has issued a security advisory for n8n, detailing a critical SQL-injection vulnerability (CVSS 8.8) affecting versions prior to 1.123.26, 2.14.1, and 2.13.3. The vulnerability allows remote authenticated attackers to execute SQL injection attacks. Mitigation is available.
What changed
CERT-Bund has released a security advisory (WID-SEC-2026-0885) concerning a critical SQL-injection vulnerability in the n8n workflow automation tool. The vulnerability, rated with a CVSS Base Score of 8.8, allows a remote, authenticated attacker to carry out an SQL-injection attack. Affected versions include n8n <1.123.26, n8n <2.14.1, and n8n <2.13.3, impacting Linux, UNIX, and Windows operating systems.
Organizations using n8n must immediately review their installed versions and apply available mitigations or update to a patched version to prevent potential data breaches and unauthorized access. Failure to address this vulnerability could lead to significant data compromise and operational disruption. The advisory indicates that mitigation measures are available, and users should consult the provided links for specific guidance and version history.
What to do next
- Review n8n version for applicability to advisory WID-SEC-2026-0885
- Apply available mitigations or update to a patched version of n8n
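One way to carry out the version review, as an added example (not code from CERT-Bund or the n8n project): it compares an installed version string against the three fixed releases named in the advisory. The mapping of each version to a release line is an assumption, and the host names in the sample inventory are constructed.

```python
import re

# Fixed releases named in advisory WID-SEC-2026-0885 (affected: versions below these).
FIXED_RELEASES = [(1, 123, 26), (2, 13, 3), (2, 14, 1)]


def parse_version(text):
    """Turn '1.123.25' or 'v2.14.0' into (major, minor, patch); any suffix is ignored."""
    match = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"not an n8n version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def fixed_release_for(version):
    """Return the fixed release that applies to this version, or None.

    Assumption: each advisory entry is the fix for its own release line, so a
    version is compared with the lowest fixed release whose major.minor is not
    below its own. Versions on lines between two fixed releases are therefore
    checked conservatively against the next higher one.
    """
    for fixed in sorted(FIXED_RELEASES):
        if version[:2] <= fixed[:2]:
            return fixed
    return None  # newer release line than every fixed release listed


def is_affected(version_text):
    """True if the installed version predates the fix for its release line."""
    version = parse_version(version_text)
    fixed = fixed_release_for(version)
    return fixed is not None and version < fixed


if __name__ == "__main__":
    # Constructed inventory: host names and versions are sample data.
    inventory = {"automation-01": "1.123.25", "automation-02": "2.13.3",
                 "automation-03": "v2.14.0", "automation-04": "2.15.0"}
    for host, installed in sorted(inventory.items()):
        status = "AFFECTED, update" if is_affected(installed) else "ok"
        print(f"{host}: n8n {installed} -> {status}")
```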
Source document (simplified)
[WID-SEC-2026-0885] n8n: Vulnerability allows SQL injection
- CVSS Base Score: 8.8 (high)
- CVSS Temporal Score: 7.7 (high)
- Remote attack: yes
- Date: 26.03.2026
- Last updated: 27.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
- Windows
Product description
n8n is a workflow automation tool that connects different applications and services with one another in order to automate tasks.
Products
26.03.2026
- n8n n8n <1.123.26
- n8n n8n <2.14.1
- n8n n8n <2.13.3
Attack
A remote, authenticated attacker can exploit a vulnerability in n8n to carry out an SQL-injection attack.