SQL Injection in N8n-io N8n

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node…

Vulnerability class: SQL Injection

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

N8n-io N8n — versions < 1.123.26, >= 2.0.0-rc.0, < 2.13.3, = 2.14.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3 (x_refsource_CONFIRM)