Critical n8n flaw can let attackers reach remote code execution through Merge node SQL mode


A critical n8n vulnerability can let an authenticated attacker move from workflow editing rights to remote code execution on the host server. GitHub’s advisory for n8n says the bug affects the Merge node’s “Combine by SQL” mode, where the AlaSQL sandbox did not properly restrict certain SQL statements.

The impact is serious because the attacker does not need admin access to the whole platform. According to the advisory, any authenticated user who can create or modify workflows could read local files on the n8n host and then achieve remote code execution. GitHub rates the issue Critical with a CVSS v4 score of 9.4.

The bug is tracked as CVE-2026-33660. GitHub’s advisory says users should upgrade to patched versions immediately because the current workarounds only reduce exposure and do not fully remove the risk.

How the n8n vulnerability works

The weakness sits in the Merge node when a workflow uses “Combine by SQL.” GitHub says the AlaSQL sandbox did not sufficiently restrict certain SQL statements, which opened a path for hostile input to break out of the intended safety boundary.

Once inside that path, an attacker with workflow editing rights could read local files from the n8n host. The advisory says that file access could then be used to compromise the instance and reach remote code execution.

This is not an unauthenticated internet-wide bug. The attacker must first hold an account with permission to create or modify workflows. Even so, GitHub scores the issue as network-exploitable, low complexity, no user interaction, and low privileges required, which is why the overall severity lands in the Critical range.

Vulnerability snapshot

Item                 Details
Product              n8n
CVE                  CVE-2026-33660
Severity             Critical
CVSS v4              9.4
Required access      Authenticated user with workflow create/modify rights
Vulnerable feature   Merge node, “Combine by SQL” mode
Main risk            Local file read leading to remote code execution

Affected and fixed n8n versions

GitHub’s n8n advisory says the issue affects versions below 2.14.1, below 2.13.3, and below 1.123.27. The patched versions are 2.14.1, 2.13.3, and 1.123.27.

The GitHub Advisory Database entry gives a more explicit range breakdown: version 2.14.0 is affected, versions from 2.0.0-rc.0 up to but not including 2.13.3 are affected, and versions below 1.123.27 are affected. That means both older stable branches and newer releases fell into the vulnerable window.
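As an added example (not code from n8n or from the advisory), the following Python encodes the three affected ranges above and reports whether a given version string falls inside the vulnerable window and which release on that branch closes it. It assumes n8n version strings follow the major.minor.patch[-prerelease] form the advisory itself uses (for example 2.0.0-rc.0), and that the string you feed it is whatever your install reports, for instance the output of `n8n --version`.

```python
import re

# Affected ranges as listed in the GitHub Advisory Database entry for CVE-2026-33660:
#   - exactly 2.14.0
#   - >= 2.0.0-rc.0 and < 2.13.3
#   - < 1.123.27
# Patched releases: 2.14.1, 2.13.3, 1.123.27.

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Turn '2.13.2' or '2.0.0-rc.0' into a comparable tuple.

    A pre-release sorts below the final release with the same numbers,
    which is what the '>= 2.0.0-rc.0' lower bound relies on.
    Assumption: n8n uses major.minor.patch[-prerelease] strings.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    pre = m.group(4)
    if pre is None:
        return nums + (1, ())  # final release ranks above any pre-release
    parts = tuple((0, int(p)) if p.isdigit() else (1, p) for p in pre.split("."))
    return nums + (0, parts)  # pre-release


def is_affected(version):
    """True if `version` falls inside one of the three advisory ranges."""
    v = parse_version(version)
    if v == parse_version("2.14.0"):
        return True
    if parse_version("2.0.0-rc.0") <= v < parse_version("2.13.3"):
        return True
    return v < parse_version("1.123.27")


def fixed_release_for(version):
    """The patched release on the same branch as `version`."""
    major, minor = parse_version(version)[:2]
    if (major, minor) >= (2, 14):
        return "2.14.1"
    if major == 2:
        return "2.13.3"
    return "1.123.27"


def triage(version):
    """Return (affected, fixed_release) for one reported version."""
    return is_affected(version), fixed_release_for(version)


if __name__ == "__main__":
    for v in ["1.99.0", "1.123.27", "2.0.0-rc.0", "2.13.2", "2.13.3", "2.14.0", "2.14.1"]:
        affected, fix = triage(v)
        status = f"VULNERABLE -> upgrade to {fix}" if affected else "patched"
        print(f"{v:<12} {status}")
```

Note that a 2.13.x release at or above 2.13.3 is outside every range, so the check reports it as patched even though 2.14.0 (a newer number) is vulnerable; that is exactly the branch split the advisory describes.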

Admins should not wait for a maintenance cycle here. The advisory is clear that upgrading to one of the fixed versions or later is the proper remediation path.

What teams should do right now

The fastest and safest fix is to update n8n to 2.14.1, 2.13.3, or 1.123.27, depending on your branch. GitHub’s advisory says those releases address the issue.

If you cannot patch immediately, n8n recommends limiting workflow creation and editing permissions to fully trusted users only. That step matters because the exploit requires those privileges in the first place.

As a second temporary step, admins can disable the Merge node by adding n8n-nodes-base.merge to the NODES_EXCLUDE environment variable (n8n reads that variable as a JSON array of node type names, so the value is ["n8n-nodes-base.merge"]). Excluding the node type removes every Merge mode, not only “Combine by SQL,” so any workflow that relies on the node in any mode is affected. GitHub warns that these measures do not fully remediate the issue and should only serve as short-term mitigations.

Immediate checklist

  • Upgrade n8n to 2.14.1, 2.13.3, or 1.123.27
  • Audit who can create or modify workflows
  • Disable the Merge node temporarily if patching must wait
  • Review recent workflows that used “Combine by SQL”
  • Treat exposed hosts as higher risk if untrusted users had workflow-edit access
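To support the audit items above, here is an added Python example (not code from n8n or from the advisory) that walks an exported set of workflows, lists every Merge node running in “Combine by SQL” mode together with its query, and builds the NODES_EXCLUDE value for the interim workaround. It assumes the export is the JSON form n8n produces for one workflow (an object) or many (an array) with a top-level "nodes" list; the node type n8n-nodes-base.merge comes from the advisory, while the internal mode value "combineBySql" and the sample workflows are assumptions constructed for the example and should be checked against a real export from your instance.

```python
import json

MERGE_NODE_TYPE = "n8n-nodes-base.merge"  # node type named in the advisory's NODES_EXCLUDE workaround
SQL_MODE = "combineBySql"                  # assumed internal value of the "Combine by SQL" mode setting


def load_workflows(export_text):
    """Accept an export of one workflow (a JSON object) or many (a JSON array)."""
    data = json.loads(export_text)
    return data if isinstance(data, list) else [data]


def find_sql_merge_nodes(workflow):
    """Return every Merge node in `workflow` that runs in Combine by SQL mode."""
    hits = []
    for node in workflow.get("nodes", []):
        if node.get("type") != MERGE_NODE_TYPE:
            continue
        params = node.get("parameters") or {}
        if params.get("mode") == SQL_MODE:
            hits.append({
                "workflow": workflow.get("name", "<unnamed>"),
                "node": node.get("name", "<unnamed>"),
                "query": params.get("query", ""),
            })
    return hits


def audit_export(export_text):
    """Flatten the findings across every workflow in an export."""
    findings = []
    for wf in load_workflows(export_text):
        findings.extend(find_sql_merge_nodes(wf))
    return findings


def nodes_exclude_value(*node_types):
    """Build the NODES_EXCLUDE value; n8n reads it as a JSON array of node type names."""
    return json.dumps(list(node_types or (MERGE_NODE_TYPE,)))


# Constructed sample export: two workflows, one of which uses Combine by SQL.
SAMPLE_EXPORT = json.dumps([
    {
        "name": "Nightly sync",
        "nodes": [
            {"name": "Merge", "type": MERGE_NODE_TYPE,
             "parameters": {"mode": "combine"}},
        ],
    },
    {
        "name": "Lead enrichment",
        "nodes": [
            {"name": "Fetch CRM", "type": "n8n-nodes-base.httpRequest", "parameters": {}},
            {"name": "Merge by SQL", "type": MERGE_NODE_TYPE,
             "parameters": {"mode": SQL_MODE,
                            "query": "SELECT * FROM input1 LEFT JOIN input2 ON input1.id = input2.id"}},
        ],
    },
])

if __name__ == "__main__":
    for f in audit_export(SAMPLE_EXPORT):
        print(f"{f['workflow']!r}: node {f['node']!r} runs SQL: {f['query']}")
    print("NODES_EXCLUDE=" + nodes_exclude_value())
```

Run it against a real export rather than the embedded sample, and treat every flagged query as something to read by hand: the advisory does not say which statements escaped the AlaSQL sandbox, so the script lists candidates instead of guessing at a signature.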

FAQ

What is CVE-2026-33660?

It is a critical n8n vulnerability in the Merge node’s “Combine by SQL” mode. GitHub says it can let an authenticated workflow editor read local files and achieve remote code execution on the host.

Does the n8n bug require authentication?

Yes. The attacker must hold an authenticated account with permission to create or modify workflows.

Which n8n versions fix the issue?

The patched versions listed in the advisory are 2.14.1, 2.13.3, and 1.123.27.

Is there a workaround if I cannot patch today?

Yes, but it is only temporary. n8n recommends restricting workflow editing to trusted users and disabling the Merge node with NODES_EXCLUDE. GitHub says those steps do not fully remove the risk.
