CVE-2026-44792
Awaiting Analysis Awaiting Analysis - Queue
SQL Injection in n8n Workflow Automation Platform

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance. Exploitation requires the n8n instance uses PostgreSQL as its database backend, the Source Control feature is enabled and connected to a repository the attacker can write to, and an administrator triggers a Source Control Pull. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-23
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-44792
EUVD
EUVD-2026-38486
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.43 (exc)
n8n n8n to 2.20.7 (exc)
n8n n8n to 2.21.1 (exc)
n8n n8n to 2.22.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an attacker to perform SQL injection on the internal PostgreSQL database of the n8n platform if certain conditions are met. Such an attack could lead to unauthorized access, modification, or disclosure of sensitive data stored within the database.

Unauthorized access or compromise of sensitive data can negatively impact compliance with common standards and regulations such as GDPR and HIPAA, which require protection of personal and health-related information against breaches and unauthorized access.

Therefore, if exploited, this vulnerability could result in violations of data protection requirements mandated by these regulations, potentially leading to legal and financial consequences for affected organizations.

Executive Summary

CVE-2026-44792 is a high-severity SQL injection vulnerability in the n8n workflow automation platform versions prior to 1.123.43, 2.20.7, and 2.21.1.

The vulnerability occurs when an attacker who has write access to a git repository connected to n8n's Source Control feature commits a malicious Data Table JSON file containing a specially crafted column name.

When an administrator performs a Source Control Pull, n8n imports this malicious file, which can lead to SQL injection attacks on the internal PostgreSQL database used by n8n.

Exploitation requires that the n8n instance uses PostgreSQL as its database backend, the Source Control feature is enabled and connected to a repository writable by the attacker, and an administrator triggers the pull.

The issue has been fixed in versions 1.123.43, 2.22.1, and 2.20.7.

Impact Analysis

This vulnerability can allow an attacker to perform SQL injection on the internal PostgreSQL database of the n8n instance.

Successful exploitation could lead to unauthorized data access, data manipulation, or corruption within the database.

Because the attack requires write access to the connected git repository and an administrator to trigger a Source Control Pull, the risk is elevated in environments where repository access controls are weak or administrative actions are not carefully managed.

Temporary mitigations include disabling the Source Control feature, restricting write access to the repository, or avoiding pulls from untrusted repositories, but these do not fully eliminate the risk.

Detection Guidance

Detection of this vulnerability involves verifying if your n8n instance is running a vulnerable version prior to 1.123.43, 2.20.7, or 2.21.1, and if the Source Control feature is enabled and connected to a git repository with write access.

You can check the n8n version by running the following command on the system hosting n8n:

  • n8n --version

To verify if Source Control is enabled and configured, inspect the n8n configuration or environment variables related to Source Control settings.

Additionally, review the connected git repository permissions to confirm if untrusted users have write access.

There are no specific network detection commands or signatures provided for this vulnerability.

Mitigation Strategies

Immediate mitigation steps include:

  • Upgrade n8n to version 1.123.43, 2.22.1, or 2.20.7 or later, where the vulnerability is fixed.
  • Disable the Source Control feature temporarily to prevent importing potentially malicious Data Table JSON files.
  • Restrict write access to the connected git repository to trusted users only.
  • Avoid performing Source Control Pull operations from untrusted or potentially compromised repositories.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44792. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart