CVE-2026-27497HIGH 8.8EPSS p50.6%

CVE-2026-27497CVE-2026-27497

Description

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.77% probability of exploitation · percentile 50.6% · 2026-06-18T12:00:27Z
Published2026-02-25
Last modified2026-03-04

Underlying weaknesses· 2

CWE-89CWE-94

References

  1. https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
  2. https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
  3. https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
  4. https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869

2

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-33660
CVE
CVE-2026-25056
CVE
CVE-2026-27498
CVE
CVE-2026-27494
CVE
CVE-2026-33713
CVE
CVE-2026-42237
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.