Workflow Automation Platform SQL Injection Vulnerability in n8n
CVE-2026-44792

8.9HIGH

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-44792?

The vulnerability in n8n allows an attacker with write access to a connected git repository to manipulate Data Table JSON files. This could result in crafted column names leading to SQL injection upon an admin-triggered Source Control Pull. It is critical that n8n instances using PostgreSQL and enabling Source Control are secured from unauthorized access to prevent exploitation.

Affected Version(s)

n8n < 1.123.43 < 1.123.43

n8n >= 2.0.0-rc.0, < 2.20.7 < 2.0.0-rc.0, 2.20.7

n8n >= 2.21.0, < 2.21.1 < 2.21.0, 2.21.1

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-mh...

x_refsource_CONFIRM

CVSS V4

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44792 Data

JSON

N8n-io

What is CVE-2026-44792?

Affected Version(s)

References

CVSS V4

Timeline