A critical security flaw has been identified in n8n, a widely used open-source workflow automation platform, exposing host servers to Remote Code Execution (RCE) attacks. This vulnerability, designated as CVE-2026-33660, allows authenticated attackers to bypass security restrictions, access sensitive data, and potentially gain full control over the host system.
Understanding the Vulnerability
The root of this vulnerability lies within the Merge node of n8n workflows, particularly when the Combine by SQL mode is activated. n8n employs an AlaSQL sandbox to safely execute SQL operations. However, security researchers have discovered that this sandbox inadequately restricts certain SQL statements. This oversight enables attackers to inject malicious code through the node, exploiting the system’s improper handling of externally influenced input—a classic case of code injection (CWE-94).
Exploitation and Impact
An attacker with permissions to create or modify workflows can exploit this sandbox escape to read local files directly from the n8n host system. This access can be escalated to execute arbitrary code remotely, granting administrative control over the server infrastructure. The severity of CVE-2026-33660 is underscored by its critical rating across both CVSS 3.1 and CVSS 4.0 frameworks. The attack vector is network-based, with low complexity, requiring no user interaction and only low-level privileges. Once an attacker compromises an account capable of editing workflows, they can potentially take over the entire server, jeopardizing system confidentiality, integrity, and availability.
Remediation and Mitigation
The n8n development team has addressed this issue in their latest releases on GitHub. System administrators and security teams are strongly urged to update their instances immediately to prevent exploitation. If immediate patching is not feasible, temporary mitigations include auditing user access and limiting workflow creation and modification permissions to trusted personnel. Additionally, administrators can disable the vulnerable component by appending `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. However, these workarounds are not permanent solutions, and applying the official patches remains the most effective remediation strategy.
Broader Context of n8n Vulnerabilities
This is not the first time n8n has faced critical security issues. In December 2025, a remote code execution vulnerability (CVE-2025-68613) was discovered, affecting over 103,000 instances worldwide. This flaw allowed authenticated attackers to execute arbitrary code with full process privileges, potentially leading to complete system compromise. The vulnerability existed within n8n’s workflow expression evaluation system, where expressions entered by authenticated users were executed without proper isolation, granting access to the underlying system. Patches were released across multiple update tracks, and users were strongly advised to upgrade to the latest versions.
In January 2026, another critical vulnerability, dubbed Ni8mare (CVE-2026-21858), was identified. This unauthenticated remote code execution flaw allowed attackers to execute arbitrary system commands and achieve full host compromise without triggering alarms. The vulnerability affected all n8n versions prior to 1.121.0 and posed the highest risk to self-hosted, internet-exposed deployments. The flaw stemmed from how n8n’s webhook components parsed incoming requests, allowing attackers to manipulate request parsing logic and override file handling mechanisms. Organizations were urged to update to version 1.121.0 or later and implement network segmentation to prevent external access to automation platforms.
In February 2026, a critical remote code execution vulnerability was discovered, allowing authenticated attackers to execute arbitrary system commands on the host server by leveraging weaponized workflows. This flaw represented a significant regression and expansion of the previously identified CVE-2025-68613, highlighting persistent risks in the platform’s expression evaluation engine. The core issue resided in how n8n processed dynamic expressions within workflow nodes, allowing authenticated users to inject malicious payloads into these parameters. Patches were released in versions v1.123.17 and v2.5.2, and organizations were urged to upgrade immediately.
Conclusion
The recurrence of critical vulnerabilities in n8n underscores the importance of proactive security measures and timely updates. Organizations utilizing n8n should prioritize immediate patching to the latest available versions, audit workflow permissions, and monitor system logs for unauthorized activity. Given the critical nature and broad exposure of these vulnerabilities, treating them as high-priority security incidents is essential for protecting automation infrastructure and sensitive data.
