Description
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow.

Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook).

The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only
  • Disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable
  • Avoid passing unvalidated external user input into LDAP node search parameters via expressions

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Published: 2026-03-25
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized LDAP information disclosure or authentication bypass via crafted inputs
Action: Immediate Patch
AI Analysis

Impact

n8n’s LDAP node contains a flaw in its filter‑escaping logic that allows LDAP metacharacters to pass through unescaped when user‑controlled data is interpolated into search filters. This enables an attacker to craft a filter that returns records the workflow should not see, or to bypass workflow‑level authentication checks. The weakness corresponds to CWE‑90 and can lead to confidential data leakage or unauthorized access within the target directory.

Affected Systems

The vulnerability affects n8n workloads running any of the following versions: 1.122.0 through 1.123.26, 2.13.0 through 2.13.2, and 2.14.0. Users of n8n 2.14.1 or newer, or 1.123.27 or newer, are not affected. The impact is limited to systems that deploy the LDAP node within workflows that pass externally supplied input, such as from forms or webhooks, into the node via expressions and do not sanitize that input first.

Risk and Exploitability

The CVSS score of 6.3 indicates a medium risk if the required workflow conditions are met. The EPSS score of less than 1% suggests low exploit probability at this time, and the vulnerability is not in the CISA KEV list. An attacker would need an operational n8n instance with the LDAP node enabled, a workflow that passes user input to the node via an expression, and the ability to supply crafted LDAP filter components. Successful exploitation can expose sensitive directory data or allow an attacker to bypass authentication embedded in the workflow.

Generated by OpenCVE AI on March 27, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.27, 2.13.3, 2.14.1, or later
  • Restrict permissions for workflow editing so only trusted users can create or modify workflows that use the LDAP node
  • Set the environment variable NODES_EXCLUDE to include n8n-nodes-base.ldap to disable the vulnerable node
  • Avoid passing unvalidated external user input into the LDAP node’s search parameters via expressions
  • If no upgrade is possible, monitor for updates and apply fixes as soon as they are available
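
The input-handling point in the list above, as an added example that is not n8n's code or its fix: a value escaped per RFC 4515 before it is placed in a search filter, next to the unescaped form. Function names and sample values are constructed for illustration.

```javascript
// Added example, not n8n's code. Function names and sample values are constructed.

// RFC 4515: inside an assertion value, NUL ( ) * \ must be written as \XX (hex).
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Weak form: the value lands in the filter verbatim.
function buildFilterUnsafe(attr, value) {
  return `(${attr}=${value})`;
}

// Hardened form: fixed attribute-name grammar plus escaped value.
function buildFilterSafe(attr, value) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attr)) {
    throw new Error(`invalid attribute name: ${attr}`);
  }
  return `(${attr}=${escapeLdapFilterValue(value)})`;
}

// Count filter syntax characters that are still "live" (not \XX-escaped).
// A single equality item must have exactly 2: its opening and closing parenthesis.
function liveMetacharacters(filter) {
  const withoutEscapes = filter.replace(/\\[0-9a-fA-F]{2}/g, '');
  return (withoutEscapes.match(/[()*]/g) || []).length;
}

// Constructed inputs, as a form or webhook field might deliver them.
const samples = ['alice', 'a*', 'Smith (Ops)', 'corp\\alice'];
for (const s of samples) {
  const weak = buildFilterUnsafe('uid', s);
  const safe = buildFilterSafe('uid', s);
  console.log(JSON.stringify(s), '| unsafe:', weak, liveMetacharacters(weak),
    '| safe:', safe, liveMetacharacters(safe));
}
```

A count above 2 for a single equality item means the supplied value changed the filter's structure or matching semantics; the escaped form stays at 2 for every input.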

Advisories
Source: Github GHSA
ID: GHSA-w83q-mcmx-mh42
Title: n8n Vulnerable to LDAP Filter Injection in LDAP Node
History

Fri, 27 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
cpe:2.3:a:n8n:n8n:2.14.0:*:*:*:*:node.js:*:*
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}


Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Wed, 25 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description (same text as the Description section at the top of this page)
Title n8n Vulnerable to LDAP Filter Injection in LDAP Node
Weaknesses CWE-90
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-25T19:11:15.782Z

Reserved: 2026-03-23T18:30:14.125Z

Link: CVE-2026-33751

Vulnrichment

Updated: 2026-03-25T19:11:09.902Z

NVD

Status: Analyzed

Published: 2026-03-25T19:16:51.670

Modified: 2026-03-27T19:28:01.093

Link: CVE-2026-33751

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-29T20:28:11Z

Weaknesses