Cyber Resilience

CVE-2026-33660

Critical · RCE

Published: 25 March 2026
Modified: 30 March 2026
CVSS Score (v4): 9.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0095 (56.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-33660 is a critical-severity Code Injection (CWE-94) vulnerability in n8n (vendor n8n). Its CVSS v4 base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 43.3% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-33660 is a high-severity vulnerability (CVSS 8.8 under the v3 vector, 9.4 under v4) affecting n8n, an open-source workflow automation platform, in versions prior to 2.14.1, 2.13.3, and 1.123.26. The flaw stems from insufficient sandboxing in the AlaSQL library used by the Merge node's "Combine by SQL" mode (CWE-94: Improper Control of Generation of Code; CWE-89: Improper Neutralization of Special Elements used in an SQL Command). An authenticated user with permission to create or modify workflows can craft SQL statements that bypass the sandbox's restrictions, enabling arbitrary local file reads on the n8n host and potentially remote code execution.

An attacker needs only low-privilege network access as an authenticated user (PR:L) with workflow creation or modification rights; no user interaction is required and attack complexity is low (AC:L, UI:N). A successful attack has high confidentiality, integrity, and availability impact (C:H/I:H/A:H), such as exfiltration of sensitive server files or full compromise of the n8n instance through RCE, with no scope change (S:U).

The n8n security advisory recommends upgrading to versions 2.14.1, 2.13.3, or 1.123.26 or later for full remediation. As temporary measures, administrators should restrict workflow creation and editing to fully trusted users only and/or disable the Merge node by setting the `NODES_EXCLUDE` environment variable to include `n8n-nodes-base.merge`. These workarounds are not comprehensive and serve only as short-term protections. Details are available in the advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v.


Vulnerability details

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
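The remediation and workaround described in the advisory text above (and in the Deeper analysis section) reduce to two checks an administrator can script: is the running n8n release older than the fixed release on its branch, and, if so, has the Merge node been excluded via `NODES_EXCLUDE`? The following is an added example, not code from n8n or from the advisory. It assumes that every release after the first fixed one on a branch also contains the fix, that releases 2.0.0 through 2.12.x have no fixed release of their own (so they count as vulnerable until upgraded), and that `NODES_EXCLUDE` holds a JSON array of node type names.

```python
import json

# First fixed release on each affected release line, per the advisory.
# Assumption: later releases on the same line also contain the fix.
FIXED_1X = (1, 123, 26)
FIXED_2_13 = (2, 13, 3)
FIXED_2_14 = (2, 14, 1)
VULNERABLE_NODE = "n8n-nodes-base.merge"


def parse_version(text):
    """Turn '2.13.1' or 'v2.13.1-rc1' into (2, 13, 1); missing parts become 0."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version_text):
    """True if the release predates the advisory's fixed release for its line."""
    v = parse_version(version_text)
    major, minor = v[0], v[1]
    if major <= 1:
        return v < FIXED_1X
    if major == 2:
        if minor < 13:
            return True          # 2.0.0 .. 2.12.x: only remedy is upgrading to a fixed line
        if minor == 13:
            return v < FIXED_2_13
        if minor == 14:
            return v < FIXED_2_14
    return False                 # 2.15+ assumed to ship with the fix


def merge_node_excluded(nodes_exclude):
    """True if NODES_EXCLUDE (a JSON array string, by assumption) disables the Merge node."""
    if not nodes_exclude:
        return False
    try:
        excluded = json.loads(nodes_exclude)
    except ValueError:           # json.JSONDecodeError is a ValueError
        return False
    return isinstance(excluded, list) and VULNERABLE_NODE in excluded


def assess(version_text, nodes_exclude):
    """'patched', 'mitigated' (node disabled but upgrade still pending) or 'exposed'."""
    if not is_vulnerable(version_text):
        return "patched"
    return "mitigated" if merge_node_excluded(nodes_exclude) else "exposed"


if __name__ == "__main__":
    # Constructed sample values; on a real host feed in the running version and the environment variable.
    print(assess("2.14.0", '["n8n-nodes-base.merge"]'))
```

A result of "mitigated" still calls for scheduling the upgrade, since the advisory treats the node exclusion as a short-term measure only.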


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability directly enables arbitrary local file reads (T1005: Data from Local System) and, through the potential RCE reachable from low-privileged authenticated access, facilitates privilege escalation (T1068: Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27497 (same product: n8n)
CVE-2026-27495 (same product: n8n)
CVE-2026-27494 (same product: n8n)
CVE-2026-33696 (same product: n8n)
CVE-2026-27577 (same product: n8n)
CVE-2026-27498 (same product: n8n)
CVE-2026-33713 (same product: n8n)
CVE-2026-21877 (same product: n8n)
CVE-2026-0863 (same product: n8n)
CVE-2026-27493 (same product: n8n)

Affected Assets

n8n (vendor n8n)
Affected versions: 2.14.0 · ≤ 1.123.27 · 2.0.0 to 2.13.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 (prevent): requires timely installation of security patches, directly addressing the AlaSQL sandbox flaw by upgrading to fixed n8n versions 2.14.1, 2.13.3, or 1.123.26.

AC-6 (prevent): enforces least privilege by restricting workflow creation and modification permissions to fully trusted users, preventing low-privilege authenticated attackers from exploiting the Merge node.

CM-7 (prevent): minimizes functionality by disabling the vulnerable Merge node via the NODES_EXCLUDE environment variable, blocking the SQL-based file read and RCE attack vector.
