CVE-2026-33660

HighRCE

Published: 25 March 2026

Published

25 March 2026

Modified

30 March 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0007 21.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33660 is a high-severity Code Injection (CWE-94) vulnerability in N8N N8N. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 21.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely installation of security patches, directly addressing the AlaSQL sandbox flaw by upgrading to fixed n8n versions 2.14.1, 2.13.3, or 1.123.26.

AC-6 Least Privilege good match

prevent

AC-6 enforces least privilege by restricting workflow creation and modification permissions to fully trusted users, preventing low-privilege authenticated attackers from exploiting the Merge node.

CM-7 Least Functionality good match

prevent

CM-7 minimizes functionality by disabling the vulnerable Merge node via the NODES_EXCLUDE environment variable, blocking the SQL-based file read and RCE attack vector.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Vulnerability directly enables arbitrary local file reads (T1005: Data from Local System) and facilitates privilege escalation via potential RCE from low-privileged authenticated access (T1068: Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the…

n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Deeper analysisAI

CVE-2026-33660 is a high-severity vulnerability (CVSS 8.8) affecting n8n, an open-source workflow automation platform, in versions prior to 2.14.1, 2.13.3, and 1.123.26. The flaw stems from insufficient sandboxing in the AlaSQL library used by the Merge node's "Combine by SQL" mode (CWE-94: Improper Control of Generation of Code, CWE-89: Improper Neutralization of Special Elements used in an SQL Command). This allows authenticated users with permissions to create or modify workflows to craft SQL statements that bypass restrictions, enabling arbitrary local file reads on the n8n host and potentially leading to remote code execution.

An attacker requires low-privilege network access as an authenticated user (PR:L) with workflow creation or modification rights, making exploitation straightforward with no user interaction needed (AC:L, UI:N). Successful attacks can result in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H), such as exfiltrating sensitive server files or fully compromising the n8n instance through RCE, without scope changes (S:U).

The n8n security advisory recommends upgrading to versions 2.14.1, 2.13.3, or 1.123.26 or later for full remediation. As temporary measures, administrators should restrict workflow creation and editing to fully trusted users only and/or disable the Merge node by setting the `NODES_EXCLUDE` environment variable to include `n8n-nodes-base.merge`. These workarounds are not comprehensive and serve only as short-term protections. Details are available in the advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v.

Details

CWE(s): CWE-94 CWE-89

Affected Products

n8n

2.14.0 · ≤ 1.123.27 · 2.0.0 — 2.13.3

CVEs Like This One

CVE-2026-27497Same product: N8N N8N

CVE-2026-27495Same product: N8N N8N

CVE-2026-27498Same product: N8N N8N

CVE-2026-33713Same product: N8N N8N

CVE-2026-27577Same product: N8N N8N

CVE-2026-33696Same product: N8N N8N

CVE-2026-27494Same product: N8N N8N

CVE-2026-27493Same product: N8N N8N

CVE-2026-21877Same product: N8N N8N

CVE-2026-25056Same product: N8N N8N

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v
Vendor Advisory, Mitigation · security-advisories@github.com