Platform: nodejs
Component: n8n
Fixed in: 1.123.23, 2.0.1, 2.10.1, 1.123.22
CVE-2026-27497 is a critical Remote Code Execution (RCE) vulnerability affecting n8n, a workflow automation platform. An authenticated user with sufficient permissions can exploit a flaw in the Merge node's SQL query mode to execute arbitrary code and write files on the server. This vulnerability impacts versions prior to 2.10.1, 2.9.3, and 1.123.22, and a patch is available.
The impact of CVE-2026-27497 is severe. A successful exploit allows an authenticated user to gain complete control over the n8n server. This could lead to data breaches, system compromise, and the execution of malicious code. Attackers could potentially steal sensitive data processed by n8n workflows, modify workflows to perform unauthorized actions, or even use the compromised server as a launchpad for further attacks within the network. The ability to write arbitrary files elevates the risk significantly, enabling attackers to install backdoors or modify system configurations.
Public details regarding CVE-2026-27497 are limited at this time. The vulnerability was disclosed on 2026-02-25. No public proof-of-concept (PoC) code has been released, but the nature of the vulnerability suggests that exploitation is feasible. The EPSS score is likely to be medium or high due to the RCE nature and the potential for widespread impact within organizations using n8n.
Organizations heavily reliant on n8n for workflow automation, particularly those with less stringent access controls, are at significant risk. Shared hosting environments where multiple users have access to n8n instances are also particularly vulnerable. Legacy n8n deployments running older, unpatched versions are the most exposed.
• nodejs / server: `ps aux | grep n8n`
• nodejs / server: `journalctl -u n8n -f | grep "SQL query"`
• generic web: `curl -I http://your-n8n-instance/ | grep -i server`
These commands only confirm that an n8n process is running, tail its journal for lines that mention an SQL query, and read the HTTP `Server` header; none of them reports the installed n8n version, which is what decides exposure, so pair them with `n8n --version` on the host.
Exploit status: not stated
EPSS: 0.07% (20th percentile)
CISA SSVC: not stated
CVSS vector: not stated
The primary mitigation for CVE-2026-27497 is to upgrade n8n to 2.10.1, 2.9.3 or 1.123.22 (or a later release on the same line). If an immediate upgrade is not possible, administrators should implement temporary workarounds. First, strictly limit workflow creation and editing permissions to fully trusted users. Second, consider disabling the Merge node entirely, since it is the direct source of the vulnerability. Regularly review workflow configurations for any suspicious activity. After upgrading, confirm the fix by triggering the Merge node's SQL query mode with a benign query and verifying that it is no longer exploitable.
Update n8n to version 2.10.1, 2.9.3 or 1.123.22 or later. If an immediate update is not possible, restrict the permissions to create and edit workflows to trusted users, or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. Note that these workarounds do not fully mitigate the risk and should only be used as short-term measures.
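The version check and the `NODES_EXCLUDE` stopgap described above, as an added shell example that is not part of this advisory or of the n8n project: `n8n_is_affected` compares a version string against the three fixed releases the text names, and `report_installed` runs it against the output of `n8n --version` (assumed to print a bare `MAJOR.MINOR.PATCH` number) and prints the stopgap setting. The release-line boundaries (2.10.0 affected, 2.11.0 and 1.124.0 not) are an assumption derived from those three numbers, not something the advisory states.

```shell
#!/bin/sh
# Added example, not from the advisory or the n8n project.
# Classifies an n8n version against the fixed releases named in the text
# (1.123.22, 2.9.3, 2.10.1). Assumption: the 1.x line is fixed from 1.123.22,
# the 2.x line from 2.9.3, and the 2.10 line from 2.10.1, so 2.10.0 counts as
# affected while 2.11.0 does not.

# ver_lt A B: succeed (exit 0) when dotted version A is strictly lower than B.
# Expects MAJOR.MINOR.PATCH and compares each part numerically; pre-release
# suffixes are not handled.
ver_lt() {
    saved_ifs=$IFS
    IFS=.
    set -- $1 $2            # $1..$3 = parts of A, $4..$6 = parts of B
    IFS=$saved_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# n8n_is_affected VERSION: succeed when VERSION predates the fix on its line.
n8n_is_affected() {
    case "$1" in
        1.*)    ver_lt "$1" 1.123.22 ;;
        2.10.*) ver_lt "$1" 2.10.1 ;;
        2.*)    ver_lt "$1" 2.9.3 ;;
        *)      return 1 ;;     # other lines are not named by the advisory
    esac
}

# report_installed: query the local n8n binary and print a verdict. The
# stopgap printed for affected builds is the NODES_EXCLUDE setting from the
# text; n8n reads that variable as a JSON array of node type names.
report_installed() {
    v=$(n8n --version 2>/dev/null) || { echo "n8n not found on PATH" >&2; return 2; }
    if n8n_is_affected "$v"; then
        echo "n8n $v predates the fix for CVE-2026-27497: upgrade now."
        echo "Stopgap until then: NODES_EXCLUDE='[\"n8n-nodes-base.merge\"]'"
        return 1
    fi
    echo "n8n $v is at or past a fixed release."
}
```

Run `report_installed` on the n8n host; it exits 1 for an affected build and 0 otherwise, so it can gate a deployment or configuration step. `n8n_is_affected` can also be fed a version string copied from an instance you cannot shell into.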
CVE-2026-27497 is a critical Remote Code Execution vulnerability in n8n, allowing authenticated users to execute arbitrary code via the Merge node's SQL query mode.
You are affected if you are running n8n versions prior to 2.10.1, 2.9.3, or 1.123.22. Check your version and upgrade immediately.
Upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22 or later. As a temporary workaround, limit permissions or disable the Merge node.
While no active exploitation has been publicly confirmed, the vulnerability's severity and potential impact suggest it could be targeted. Monitor your systems closely.
Refer to the official n8n security advisory on their website or GitHub repository for detailed information and updates.