Platform: nodejs
Component: n8n
Fixed in: 1.123.23, 2.0.1, 2.10.1, 1.123.22
CVE-2026-27497 is a critical Remote Code Execution (RCE) vulnerability affecting n8n, a workflow automation platform. An authenticated user with sufficient permissions can exploit a flaw in the Merge node's SQL query mode to execute arbitrary code and write files on the server. This vulnerability impacts versions prior to 2.10.1, 2.9.3, and 1.123.22, and a patch is available.
The impact of CVE-2026-27497 is severe. A successful exploit allows an authenticated user to gain complete control over the n8n server. This could lead to data breaches, system compromise, and the execution of malicious code. Attackers could potentially steal sensitive data processed by n8n workflows, modify workflows to perform unauthorized actions, or even use the compromised server as a launchpad for further attacks within the network. The ability to write arbitrary files elevates the risk significantly, enabling attackers to install backdoors or modify system configurations.
Public details regarding CVE-2026-27497 are limited at this time. The vulnerability was disclosed on 2026-02-25. No public proof-of-concept (PoC) code has been released, but the nature of the vulnerability suggests that exploitation is feasible. The EPSS score is likely to be medium or high due to the RCE nature and the potential for widespread impact within organizations using n8n.
Exploit Status
EPSS: 0.07% (20th percentile)
The primary mitigation for CVE-2026-27497 is to upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22, or later. If an immediate upgrade is not possible, administrators should implement temporary workarounds. First, strictly limit workflow creation and editing permissions to fully trusted users only. Second, consider disabling the Merge node entirely, as it is the direct source of the vulnerability. Regularly review workflow configurations for any suspicious activity. After upgrading, confirm the fix by attempting to trigger the vulnerable Merge node functionality with a benign SQL query to ensure it is no longer exploitable.
Upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22, or later. If upgrading is not immediately possible, limit workflow creation and editing permissions to trusted users or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. Note that these workarounds do not fully mitigate the risk and should only be used as short-term mitigation measures.
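The following script is an added example, not part of the advisory or of the n8n project's own tooling. It implements the two steps above as shell functions: deciding whether an installed version falls inside the affected range, using the fixed versions the advisory text names (1.123.22 for the 1.x line, 2.9.3 for 2.9.x, 2.10.1 otherwise; any other 2.x release below 2.9.3 is treated as affected), and building a `NODES_EXCLUDE` value that adds `n8n-nodes-base.merge` to any exclusions already configured. It assumes `NODES_EXCLUDE` holds a JSON array of node type names, which is how n8n documents that variable; the `report` helper and the version-comparison routine are this example's own.

```shell
#!/usr/bin/env sh
# Added example (not from the advisory or n8n). Fixed versions are those the
# advisory text states: 1.123.22 (1.x), 2.9.3 (2.9.x), 2.10.1 (other 2.x).

# semver_field VERSION N: print the Nth dot-separated field, dropping any
# prerelease or build suffix such as "-rc.1" or "+build5".
semver_field() {
  printf '%s\n' "$1" | sed 's/[-+].*//' | cut -d. -f"$2"
}

# version_lt A B: succeed when A is strictly lower than B, comparing
# major, minor and patch numerically (missing fields count as 0).
version_lt() {
  i=1
  while [ "$i" -le 3 ]; do
    x=$(semver_field "$1" "$i"); y=$(semver_field "$2" "$i")
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1
}

# fixed_version_for VERSION: print the first patched release on the line
# VERSION belongs to; empty for lines newer than any fix (3.x and up).
fixed_version_for() {
  major=$(semver_field "$1" 1); minor=$(semver_field "$1" 2)
  case "$major" in
    0|1) echo 1.123.22 ;;
    2) if [ "${minor:-0}" -eq 9 ]; then echo 2.9.3; else echo 2.10.1; fi ;;
    *) echo "" ;;
  esac
}

# is_affected VERSION: succeed when VERSION predates the fix on its line.
is_affected() {
  fixed=$(fixed_version_for "$1")
  [ -n "$fixed" ] && version_lt "$1" "$fixed"
}

# nodes_exclude_with_merge EXISTING: print a JSON array containing the Merge
# node type plus whatever EXISTING (a JSON array string, may be empty) held.
# Assumption: NODES_EXCLUDE is a JSON array of node type names.
nodes_exclude_with_merge() {
  merge='"n8n-nodes-base.merge"'
  case "${1:-}" in
    ''|'[]') printf '[%s]\n' "$merge" ;;
    *"$merge"*) printf '%s\n' "$1" ;;
    *) printf '%s,%s]\n' "${1%]}" "$merge" ;;
  esac
}

# report VERSION: verdict for the given version, plus the interim
# NODES_EXCLUDE line to export while the upgrade is pending.
report() {
  if is_affected "$1"; then
    echo "n8n $1 is affected by CVE-2026-27497; upgrade to $(fixed_version_for "$1") or later."
    echo "Interim workaround: NODES_EXCLUDE='$(nodes_exclude_with_merge "${NODES_EXCLUDE:-}")'"
  else
    echo "n8n $1 is not in the affected range for CVE-2026-27497."
  fi
}

# Usage against the installed binary: sh check_n8n.sh "$(n8n --version)"
[ $# -eq 0 ] || report "$1"
```

Run it with the output of `n8n --version` as the argument; when the version is affected it prints the `NODES_EXCLUDE` value to set in the n8n process environment (for example in the container's environment section) until the upgrade is done. As the advisory notes, excluding the node only prevents it from being used and is a stopgap, not a substitute for upgrading.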
CVE-2026-27497 is a critical Remote Code Execution vulnerability in n8n, allowing authenticated users to execute arbitrary code via the Merge node's SQL query mode.
You are affected if you are running n8n versions prior to 2.10.1, 2.9.3, or 1.123.22. Check your version and upgrade immediately.
Upgrade n8n to version 2.10.1, 2.9.3, or 1.123.22, or later. As a temporary workaround, limit permissions or disable the Merge node.
While no active exploitation has been publicly confirmed, the vulnerability's severity and potential impact suggest it could be targeted. Monitor your systems closely.
Refer to the official n8n security advisory on their website or GitHub repository for detailed information and updates.