PT-2026-22034 · N8N · N8N

Allsmog

Published

2026-02-25

Updated

2026-03-04

CVE-2026-27497

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22

Description n8n is an open source workflow automation platform. An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. This could potentially allow for full server takeover.

Recommendations Upgrade to n8n version 2.10.1 or later. Upgrade to n8n version 2.9.3 or later. Upgrade to n8n version 1.123.22 or later.

Exploit

Fix

RCE

Code Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-89

Related Identifiers

CVE-2026-27497

GHSA-WXX7-MCGF-J869

Affected Products

N8N

PT-2026-22034 · N8N · N8N

CVE-2026-27497

Weakness Enumeration

Related Identifiers

Affected Products

References · 20