LDAP Injection in N8n-io N8n

CVE-2026-33751

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpol…

EPSS: 0.000 (5.3th percentile) — read the EPSS interpretation.

Affected products

N8n-io N8n — versions < 1.123.27, >= 2.0.0-rc.0, < 2.13.3, = 2.14.0

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42 (x_refsource_CONFIRM)