CVE-2026-56351
Received - Intake
SQL Injection in n8n Workflow Automation Platform

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: VulnCheck

Description
n8n before version 2.4.0 contains a SQL injection vulnerability in the MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integrity.
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-24
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: n8n
Product: n8n
Version / Range: to 2.4.0 (exc)
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

CVE-2026-56351 is a SQL injection vulnerability in n8n versions prior to 2.4.0 affecting MySQL, PostgreSQL, and Microsoft SQL nodes.

Authenticated users with workflow creation permissions can inject arbitrary SQL commands by supplying specially crafted table or column names in node configuration parameters.

This happens because the nodes fail to properly escape identifier values when constructing SQL queries, allowing attackers to execute unauthorized database commands.

Impact Analysis

This vulnerability can lead to unauthorized execution of SQL commands on the database used by n8n.

Attackers can compromise data integrity by injecting malicious SQL, potentially altering or corrupting data.

Because the vulnerability requires authenticated users with workflow creation permissions, it can be exploited by insiders or compromised accounts.

Mitigation Strategies

To mitigate the CVE-2026-56351 vulnerability, users should upgrade n8n to version 2.4.0 or later, where the issue has been patched.

As a temporary mitigation, restrict workflow creation and modification permissions to trusted users only.

Additionally, disabling the affected MySQL, PostgreSQL, and Microsoft SQL nodes via environment variables can reduce risk, although this does not fully resolve the vulnerability.

Compliance Impact

The vulnerability allows authenticated users to execute unauthorized SQL commands, potentially compromising data integrity and confidentiality.

Such unauthorized access and manipulation of data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data integrity.

Therefore, if exploited, this vulnerability could result in violations of these standards due to compromised data security controls.

Detection Guidance

This vulnerability affects n8n versions prior to 2.4.0 in the MySQL, PostgreSQL, and Microsoft SQL nodes, allowing authenticated users with workflow creation permissions to inject arbitrary SQL through unescaped identifier values in node configuration parameters.

Detection involves verifying the version of n8n in use and checking for the presence of vulnerable nodes configured with unescaped or suspicious table or column names.

Since the vulnerability requires authenticated access with workflow creation permissions, monitoring for unusual workflow creation or modification activities and reviewing node configurations for suspicious SQL identifiers can help detect exploitation attempts.

No specific detection commands or network signatures are provided in the available resources.
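
One way to carry out the node configuration review described above, as an added example that is not from the advisory or the n8n project: a Node.js audit of an exported workflow JSON that reports table, schema, or column values in the three SQL nodes which are either not plain identifiers or are n8n expressions resolved at run time. The parameter key names in IDENT_KEYS and the sample workflow are assumptions; confirm the keys and node type strings against your own exports.

```javascript
// Added example: audit an exported n8n workflow for SQL-node identifier values
// that need manual review. IDENT_KEYS is an assumption, not from the advisory.
const SQL_NODE_TYPES = new Set([
  'n8n-nodes-base.mySql', 'n8n-nodes-base.postgres', 'n8n-nodes-base.microsoftSql',
]);
const IDENT_KEYS = new Set(['table', 'schema', 'columns', 'column']); // assumed keys
// Plain identifier, optionally schema-qualified (e.g. public.users).
const PLAIN_IDENT = /^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/;

// Classify one configured value; returns null when nothing needs review.
function classify(value) {
  if (value.startsWith('=')) return 'expression'; // n8n expression, set at run time
  const parts = value.split(',').map((p) => p.trim()).filter(Boolean);
  return parts.every((p) => PLAIN_IDENT.test(p)) ? null : 'non-plain';
}

// Recursively visit parameters; only strings stored under an identifier key
// (including nested resource-locator objects) are classified.
function walk(obj, path, underIdentKey, report) {
  if (typeof obj === 'string') {
    const reason = underIdentKey ? classify(obj) : null;
    if (reason) report(path, obj, reason);
  } else if (obj && typeof obj === 'object') {
    for (const [k, v] of Object.entries(obj)) {
      walk(v, `${path}.${k}`, underIdentKey || IDENT_KEYS.has(k), report);
    }
  }
}

// Return one finding per flagged value in MySQL, PostgreSQL and MSSQL nodes.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    if (!SQL_NODE_TYPES.has(node.type)) continue;
    walk(node.parameters, 'parameters', false, (path, value, reason) =>
      findings.push({ node: node.name, path, value, reason }));
  }
  return findings;
}

// Constructed sample export (not taken from the advisory).
const sampleWorkflow = {
  nodes: [
    { name: 'Read orders', type: 'n8n-nodes-base.postgres', parameters: { operation: 'select', table: { __rl: true, value: 'orders', mode: 'name' }, columns: 'id, total' } },
    { name: 'Write audit', type: 'n8n-nodes-base.mySql', parameters: { operation: 'insert', table: 'audit_log` -- x', columns: 'id' } },
    { name: 'Dynamic', type: 'n8n-nodes-base.microsoftSql', parameters: { table: '={{ $json.tableName }}' } },
    { name: 'HTTP', type: 'n8n-nodes-base.httpRequest', parameters: { table: 'a;b' } },
  ],
};
console.log(auditWorkflow(sampleWorkflow));
```

A 'non-plain' finding is a review prompt rather than proof of exploitation, since legitimate table names can contain spaces or other characters; an 'expression' finding means the identifier comes from upstream data and that data source needs review as well.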
