CVE-2026-33660 Overview
CVE-2026-33660 is a critical code injection vulnerability affecting n8n, an open source workflow automation platform. The vulnerability exists in the Merge node's "Combine by SQL" mode, which uses AlaSQL for processing SQL statements. Due to insufficient restrictions in the AlaSQL sandbox, an authenticated user with workflow creation or modification permissions can craft malicious SQL statements to read local files on the n8n host and achieve remote code execution.
Critical Impact
Authenticated attackers can escape the AlaSQL sandbox to read sensitive files from the server filesystem and execute arbitrary code, potentially leading to full compromise of the n8n instance and underlying infrastructure.
Affected Products
- n8n versions prior to 2.14.1
- n8n versions prior to 2.13.3
- n8n versions prior to 1.123.26
Discovery Timeline
- 2026-03-25 - CVE-2026-33660 published to NVD
- 2026-03-26 - Last updated in NVD database
Technical Details for CVE-2026-33660
Vulnerability Analysis
This vulnerability is classified as CWE-94 (Improper Control of Generation of Code - Code Injection). The flaw resides in how n8n implements the AlaSQL-based SQL processing within the Merge node's "Combine by SQL" functionality. The sandbox environment intended to restrict SQL operations does not adequately prevent certain statement types that can be leveraged for filesystem access and code execution.
When an authenticated user with workflow creation or modification permissions creates or edits a workflow containing a Merge node configured to use "Combine by SQL" mode, they can inject specially crafted SQL statements that bypass the sandbox restrictions. This allows the attacker to perform operations outside the intended scope of the SQL processing feature.
Root Cause
The root cause stems from insufficient input validation and inadequate sandboxing of the AlaSQL engine within the Merge node. The AlaSQL library provides various SQL-like capabilities, and certain statements or functions were not properly restricted by n8n's sandbox implementation. This oversight allows attackers to escape the intended boundaries and interact directly with the underlying system through the SQL interface.
Attack Vector
The attack requires network access and low-privilege authentication. An attacker must have valid credentials with permissions to create or modify workflows within the n8n platform. Once authenticated, the attacker can:
- Create a new workflow or modify an existing one
- Add or configure a Merge node with "Combine by SQL" mode
- Inject malicious SQL statements designed to read local files or execute system commands
- Trigger the workflow execution to exploit the sandbox escape
The vulnerability can be exploited to read sensitive configuration files containing credentials, access private keys, or execute arbitrary code on the server hosting the n8n instance. Given that n8n workflows often contain integration credentials and API keys, successful exploitation could lead to lateral movement across connected systems.
Detection Methods for CVE-2026-33660
Indicators of Compromise
- Unusual workflow modifications or creations involving Merge nodes with SQL mode
- Unexpected file access patterns from the n8n process
- Anomalous SQL queries containing filesystem paths or system command syntax within workflow logs
- New or modified workflows created by users who do not typically perform automation development
Detection Strategies
- Monitor workflow audit logs for creation or modification of workflows containing Merge nodes with "Combine by SQL" configuration
- Implement file integrity monitoring on the n8n server to detect unauthorized file reads
- Review authentication logs for unusual access patterns to the n8n administrative interface
- Deploy endpoint detection and response (EDR) solutions to identify code execution from the n8n process context
Monitoring Recommendations
- Enable comprehensive logging for n8n workflow executions and administrative actions
- Configure alerts for SQL mode usage in Merge nodes, particularly from users with limited trust
- Monitor network traffic from the n8n host for unexpected outbound connections that may indicate data exfiltration
- Implement behavioral analysis to detect anomalous n8n process activities such as spawning child processes or accessing sensitive system files
How to Mitigate CVE-2026-33660
Immediate Actions Required
- Upgrade n8n to version 2.14.1, 2.13.3, or 1.123.26 or later immediately
- Audit existing workflows for any Merge nodes using "Combine by SQL" mode
- Review user permissions and restrict workflow creation/modification to fully trusted users only
- Check n8n logs for any suspicious workflow activity that may indicate prior exploitation attempts
Patch Information
n8n has released security patches addressing this vulnerability in versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later as soon as possible. For detailed information about the security fix, refer to the GitHub Security Advisory.
Workarounds
- Limit workflow creation and editing permissions to fully trusted users only as an interim measure
- Disable the Merge node entirely by adding n8n-nodes-base.merge to the NODES_EXCLUDE environment variable
- Implement network segmentation to limit the impact of potential compromise
- Consider running n8n in a containerized environment with restricted filesystem access
# Disable the Merge node as a temporary workaround
# Add the following to your n8n environment configuration
export NODES_EXCLUDE="n8n-nodes-base.merge"
# Restart n8n after applying the environment variable
systemctl restart n8n
# or for Docker deployments
docker restart n8n-container
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
