PT-2026-28091 · N8N · N8N

Published: 2026-03-25 · Updated: 2026-03-26 · CVE-2026-33751

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

n8n versions prior to 1.123.27
n8n versions prior to 2.13.3
n8n versions prior to 2.14.1

Description

n8n is a workflow automation platform. A flaw in the LDAP node's filter escape logic allows LDAP metacharacters to pass through unescaped when user-controlled input is interpolated into LDAP search filters. If a workflow uses the LDAP node with user-controlled input passed via expressions into the search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks. Exploitation requires this specific workflow configuration: the issue affects only workflows where external user input is passed via expressions into the LDAP node's search parameters.

Recommendations

Upgrade to n8n version 1.123.27 or later.
Upgrade to n8n version 2.13.3 or later.
Upgrade to n8n version 2.14.1 or later.

If upgrading is not immediately possible:

Limit workflow creation and editing permissions to fully trusted users only.
Disable the LDAP node by adding n8n-nodes-base.ldap to the NODES_EXCLUDE environment variable.
Avoid passing unvalidated external user input into LDAP node search parameters via expressions.
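
One way to escape and validate a value before it is placed in an LDAP search filter, following the RFC 4515 escaping rules. This is an added example, not n8n's code or its patch; the function names, the username allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added example: RFC 4515 value escaping for LDAP search filters.
// All names and sample inputs are constructed for illustration.

// Characters RFC 4515 requires to be escaped inside an assertion value.
const LDAP_FILTER_SPECIALS = /[\\*()\u0000]/g;

function escapeLdapFilterValue(value) {
  if (typeof value !== 'string') {
    throw new TypeError('LDAP filter value must be a string');
  }
  // Each special character becomes a backslash plus its two-digit hex code.
  return value.replace(LDAP_FILTER_SPECIALS, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Allowlist check applied before the value reaches any filter.
// Assumption: usernames in this directory use only these characters.
function isPlausibleUsername(value) {
  return typeof value === 'string' && /^[A-Za-z0-9._-]{1,64}$/.test(value);
}

// The attribute name comes from the workflow author, never from external input.
function buildEqualityFilter(attribute, value) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attribute)) {
    throw new Error('invalid attribute name');
  }
  return `(${attribute}=${escapeLdapFilterValue(value)})`;
}

// True when the filter is still a single parenthesised term, i.e. the
// value did not add or close any filter component.
function isSingleTerm(filter) {
  const unescaped = filter.replace(/\\[0-9a-f]{2}/gi, '');
  return /^\([^()*]*\)$/.test(unescaped);
}

// Constructed inputs: one ordinary value, two containing metacharacters.
const constructedInputs = ['alice', 'a*)(b', 'back\\slash'];
for (const input of constructedInputs) {
  const filter = buildEqualityFilter('uid', input);
  console.log(JSON.stringify(input), '->', filter,
    '| single term:', isSingleTerm(filter),
    '| allowlisted:', isPlausibleUsername(input));
}
```

Escaping keeps the filter structure intact for any input, while the allowlist rejects unexpected values before a directory query is made at all.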


Related Identifiers

CVE-2026-33751
GHSA-W83Q-MCMX-MH42

Affected Products

N8N