CNNVD-202602-612 Information

CNNVD ID

CNNVD-202602-612

Related CVE

CVE-2026-25056

• CNNVD Published: 2026-02-04

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.118.0之前版本和2.4.0之前版本存在安全漏洞，该漏洞源于Merge节点的SQL查询模式存在漏洞，可能导致写入任意文件和远程代码执行。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. n8n 1.118.0 and 2.4.0 have a security loophole, which stems from a loophole in the SQL query mode at the Merge node, which could lead to the writing of any file and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

n8n

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm https://access.redhat.com/security/cve/cve-2026-25056

Patch

https://github.com/n8n-io/n8n/releases