CVE-2026-54311
Status: Received - Intake
Prototype Pollution in n8n Merge Node SQL Query Mode

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow persist into subsequent Merge SQL executions belonging to other users or projects. This allowed a low-privileged attacker to intercept workflow data processed by other users on the same instance. This issue only affects multi-user n8n instances where more than one user has permission to create and execute workflows containing the Merge node in SQL Query mode. This vulnerability is fixed in 2.25.7 and 2.26.2.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products (3 associated CPEs)

Vendor   Product   Version / Range
n8n      n8n       to 2.25.7 (inc)
n8n      n8n       to 2.26.2 (inc)
n8n      n8n       to 2.25.7|end_excluding=2.26.2 (exc)
CWE ID    Description
CWE-488   The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows a low-privileged attacker to intercept workflow data processed by other users on the same multi-user n8n instance. Because sensitive data from different users or projects can be exposed due to prototype pollution in the Merge node's SQL Query mode, this could lead to unauthorized access to personal or protected information.

Such unauthorized data exposure may impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls to prevent unauthorized access and ensure confidentiality of personal and sensitive data.

Therefore, until the vulnerability is patched or mitigated, affected systems may be at risk of non-compliance with these standards due to potential data leakage between users.

Executive Summary

CVE-2026-54311 is a vulnerability in n8n, an open-source workflow automation platform. It affects versions prior to 2.25.7 and 2.26.2. The issue arises in the Merge node's SQL Query mode, where an authenticated user with permission to create or modify workflows can manipulate the sandbox environment used by this node.

Because the sandbox context is cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow persist into subsequent Merge SQL executions belonging to other users or projects. This means that a low-privileged attacker could intercept workflow data processed by other users on the same instance.

This vulnerability only affects multi-user n8n instances where more than one user has permission to create and execute workflows containing the Merge node in SQL Query mode. The issue has been fixed in versions 2.25.7 and 2.26.2.

Impact Analysis

This vulnerability can allow a low-privileged attacker to intercept and access workflow data processed by other users on the same n8n instance. Since the sandbox context is shared and reused, malicious prototype mutations can persist and affect other users' workflows.

The impact is primarily on confidentiality, as sensitive workflow data could be exposed to unauthorized users. There is no reported impact on data integrity or availability.

This risk is especially relevant in multi-user environments where multiple users have permissions to create and execute workflows with the Merge node in SQL Query mode.

Mitigation Strategies

To mitigate this vulnerability immediately, you should upgrade n8n to version 2.25.7 or 2.26.2 where the issue is fixed.

As a temporary mitigation, you can restrict workflow creation and modification permissions to trusted users only.

Alternatively, you can disable the Merge node by listing it in the NODES_EXCLUDE environment variable so that it cannot be used in any workflow.

Detection Guidance

This vulnerability affects multi-user n8n instances where users have permission to create or modify workflows containing the Merge node in SQL Query mode. Detection involves verifying the n8n version and checking workflow configurations.

  • Check the n8n version to see if it is prior to 2.25.7 or 2.26.2, which are the patched versions.
  • Review user permissions to identify if multiple users have the ability to create or modify workflows.
  • Inspect workflows for usage of the Merge node in SQL Query mode.

Suggested commands to assist detection:

  • To check the n8n version, run: `n8n --version`
  • To list workflows and inspect them for Merge node usage, use the n8n API or direct database queries, depending on your setup; for example, query the workflow table for workflow definitions that contain a Merge node configured in SQL Query mode.
  • Audit user permissions via the n8n UI or API to identify users with workflow creation/modification rights.

Since the vulnerability involves prototype pollution in the sandbox reused across executions, monitoring unusual data leakage or cross-user data access in workflows may also indicate exploitation.
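As an added defender's check tied to the detection steps above (example code, not n8n's own), this script flags an instance only when both preconditions hold: an unpatched version and at least one exported workflow using the Merge node in SQL Query mode. The Merge node type string and the SQL Query mode parameter value are assumptions taken from public n8n workflow exports, not from this advisory, and should be confirmed against an export from your own instance.

```javascript
// Added example, not n8n's own code: flags the CVE-2026-54311 exposure conditions
// from an instance version string and exported workflow JSON.
// Assumptions: the Merge node type "n8n-nodes-base.merge" and the SQL Query mode
// value "combineBySql" are what public n8n workflow exports use; confirm both
// against an export from your own instance before relying on this check.
const MERGE_NODE_TYPE = 'n8n-nodes-base.merge'; // assumed node type string
const SQL_QUERY_MODE = 'combineBySql';          // assumed parameter value for SQL Query mode

// True when `version` predates the fixed releases (2.25.7 for the 2.25 line,
// 2.26.2 for the 2.26 line); anything older than 2.25 is treated as unpatched.
function isVulnerableVersion(version) {
  const [major, minor, patch = 0] = version.split('.').map(Number);
  if (major !== 2) return major < 2;
  if (minor < 25) return true;
  if (minor === 25) return patch < 7;
  if (minor === 26) return patch < 2;
  return false;
}

// Names of Merge nodes in SQL Query mode within one exported workflow object.
function findMergeSqlNodes(workflow) {
  return (workflow.nodes || [])
    .filter(n => n.type === MERGE_NODE_TYPE && n.parameters && n.parameters.mode === SQL_QUERY_MODE)
    .map(n => n.name);
}

// Exposure requires both an unpatched version and at least one Merge/SQL node,
// matching the advisory's stated preconditions.
function assessInstance(version, workflows) {
  const hits = workflows.flatMap(wf => findMergeSqlNodes(wf).map(n => `${wf.name}/${n}`));
  const vulnerableVersion = isVulnerableVersion(version);
  return { vulnerableVersion, mergeSqlNodes: hits, exposed: vulnerableVersion && hits.length > 0 };
}

// Constructed sample exports (shape mirrors an n8n workflow JSON export).
const sampleWorkflows = [
  { name: 'Customer sync', nodes: [
    { name: 'Merge', type: MERGE_NODE_TYPE, parameters: { mode: SQL_QUERY_MODE, query: 'SELECT * FROM input1' } },
    { name: 'HTTP Request', type: 'n8n-nodes-base.httpRequest', parameters: {} } ] },
  { name: 'Daily report', nodes: [
    { name: 'Merge', type: MERGE_NODE_TYPE, parameters: { mode: 'append' } } ] },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(assessInstance('2.26.1', sampleWorkflows), null, 2));
}
```

Feed it the version from `n8n --version` and the workflow JSON pulled via the API or database; a result with `exposed: true` lists the workflow/node pairs that need attention until the upgrade lands.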
