Description
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Published: 2026-03-25
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized LDAP data exposure and authentication bypass through filter injection
Action: Immediate Patch
AI Analysis

Impact

The flaw in n8n's LDAP node lets LDAP filter metacharacters (such as `*`, `(`, `)` and `\`) reach the search filter unescaped when user-controlled input is inserted via expressions, so whoever controls that input can rewrite the structure of the LDAP search filter rather than merely supplying a value. This can result in the retrieval of unintended LDAP records or the bypass of authentication checks built into a workflow, for example a workflow that treats "the search returned at least one entry" as a successful login. The weakness is a classic LDAP injection, classified as CWE-90.
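Added example, written for this page and not taken from n8n or the advisory: a JavaScript sketch of the vulnerable interpolation beside the fixed one, with an RFC 4515 value escaper, an allow-list guard of the kind the "do not pass unvalidated input" mitigation below calls for, and a small in-memory filter evaluator so the effect is visible without an LDAP server. The filter template `(&(objectClass=person)(uid=...))`, the directory entries, the guard regex and the "one match means logged in" workflow logic are all assumptions made for illustration; n8n's real escaping code and node internals are not shown here.

```javascript
// Added example, not n8n's code: shows how raw interpolation of user input
// into an LDAP filter lets "*)(" style input rewrite the query, and how
// RFC 4515 value escaping plus input validation prevents it. Runs offline
// against a constructed in-memory directory; no LDAP server is involved.

// RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
const LDAP_FILTER_ESCAPES = { '\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\0': '\\00' };

function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) => LDAP_FILTER_ESCAPES[c]);
}

// Vulnerable shape (assumed template): what an expression such as
// (uid={{ $json.username }}) produces when the value is pasted in unescaped.
function buildFilterUnsafe(username) {
  return `(&(objectClass=person)(uid=${username}))`;
}

// Fixed shape: the value is escaped, so it can never add or close a clause.
function buildFilterSafe(username) {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(username)}))`;
}

// Hypothetical allow-list guard for the "do not pass unvalidated input"
// mitigation, meant to run (e.g. in a Code node) before the LDAP node.
const USERNAME_RE = /^[A-Za-z0-9._-]{1,64}$/;
function isPlainUsername(value) {
  return USERNAME_RE.test(String(value));
}

// --- Minimal filter evaluator, enough to show what a server would return. ---
// Supports (&...), (|...) and (attr=value) with '*' wildcards and \XX escapes.
function parseFilter(s, pos = 0) {
  if (s[pos] !== '(') throw new Error(`expected "(" at ${pos}`);
  pos += 1;
  if (s[pos] === '&' || s[pos] === '|') {
    const op = s[pos];
    pos += 1;
    const kids = [];
    while (s[pos] === '(') {
      const r = parseFilter(s, pos);
      kids.push(r.node);
      pos = r.pos;
    }
    if (s[pos] !== ')') throw new Error(`expected ")" at ${pos}`);
    return { node: { op, kids }, pos: pos + 1 };
  }
  const eq = s.indexOf('=', pos);
  const end = s.indexOf(')', eq); // first literal ")" ends the clause, exactly as a server sees it
  return { node: { op: '=', attr: s.slice(pos, eq), value: s.slice(eq + 1, end) }, pos: end + 1 };
}

const reEscape = (c) => c.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Turn an assertion value into a regex: "\XX" is a literal byte, a bare "*" is a wildcard.
function valueToRegex(value) {
  let re = '^';
  for (let i = 0; i < value.length; i += 1) {
    const c = value[i];
    if (c === '\\') {
      re += reEscape(String.fromCharCode(parseInt(value.slice(i + 1, i + 3), 16)));
      i += 2;
    } else if (c === '*') {
      re += '.*';
    } else {
      re += reEscape(c);
    }
  }
  return new RegExp(`${re}$`, 'i');
}

function matches(node, entry) {
  if (node.op === '&') return node.kids.every((k) => matches(k, entry));
  if (node.op === '|') return node.kids.some((k) => matches(k, entry));
  const v = entry[node.attr];
  return v !== undefined && valueToRegex(node.value).test(String(v));
}

// Returns the uid of every entry the filter selects.
function search(filter, entries) {
  const { node } = parseFilter(filter);
  return entries.filter((e) => matches(node, e)).map((e) => e.uid);
}

// Constructed sample directory (not real data).
const DIRECTORY = [
  { objectClass: 'person', uid: 'alice', memberOf: 'admins' },
  { objectClass: 'person', uid: 'bob', memberOf: 'staff' },
  { objectClass: 'group', uid: 'admins' },
];

// Walk-through for a workflow that treats "at least one match" as a successful login.
function demo() {
  const injected = '*)(uid=*';             // closes the uid clause, adds a match-all one
  const enumerateAdmins = '*)(memberOf=admins'; // turns a lookup into a group enumeration
  return {
    unsafeAll: search(buildFilterUnsafe(injected), DIRECTORY),          // every person: auth bypass
    unsafeAdmins: search(buildFilterUnsafe(enumerateAdmins), DIRECTORY), // unintended records
    safeInjected: search(buildFilterSafe(injected), DIRECTORY),          // nothing: literal compare
    safeLegit: search(buildFilterSafe('alice'), DIRECTORY),              // normal lookup still works
    rejected: !isPlainUsername(injected) && isPlainUsername('alice'),    // guard stops the payload
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Escaping is the actual fix; the allow-list guard is defence in depth and only fits attributes that really are plain identifiers, so treat the regex as a starting point rather than a policy.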

Affected Systems

n8n-io's n8n platform is affected. Vulnerable releases are those prior to 1.123.27 on the 1.x line, prior to 2.13.3 on the 2.13.x line, and prior to 2.14.1 on the 2.14.x line. Anyone running an earlier release should treat their deployment as at risk if the LDAP node is used with external input supplied through expressions.

Risk and Exploitability

The vulnerability carries a CVSS 4.0 score of 6.3 (medium). The vector AV:N/AC:L/AT:P/PR:N/UI:N records that it is reachable over the network without privileges or user interaction but depends on attack requirements (AT:P), namely a workflow that exposes the LDAP node to attacker-controlled input. EPSS is below 1%, the SSVC assessment records no known exploitation and marks the issue as not automatable, and it is not listed in CISA's KEV catalog. Exploitation requires a workflow that feeds user-controlled data, such as a form or webhook field, into the LDAP node's search parameters via expressions, allowing the attacker to manipulate the resulting filter. The attack surface is therefore limited to workflows built this way, but where one exists the attacker can expose directory data or bypass authentication logic that relies on the search result.

Generated by OpenCVE AI on March 25, 2026 at 20:21 UTC.

Remediation

Vendor fix: upgrade to n8n 1.123.27, 2.13.3, or 2.14.1 (or later). The vendor also lists short-term workarounds that do not fully remediate the issue: restrict workflow creation and editing to fully trusted users, disable the node by adding n8n-nodes-base.ldap to the NODES_EXCLUDE environment variable, and do not pass unvalidated external input into LDAP node search parameters via expressions.

OpenCVE Recommended Actions

  • Upgrade n8n to 1.123.27, 2.13.3, or 2.14.1 or later, according to the release line in use.
  • If an upgrade cannot be performed immediately, limit workflow creation and editing privileges to fully trusted users only.
  • Disable the LDAP node by adding n8n-nodes-base.ldap to the NODES_EXCLUDE environment variable.
  • Ensure external user input is not passed unvalidated into LDAP node search parameters via expressions.

Advisories
Source: GitHub GHSA
ID: GHSA-w83q-mcmx-mh42
Title: n8n Vulnerable to LDAP Filter Injection in LDAP Node
History

Thu, 26 Mar 2026 12:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                N8n; N8n n8n
Vendors & Products   -                N8n; N8n n8n

Wed, 25 Mar 2026 19:15:00 +0000

Type     Values Removed   Values Added
Metrics  -                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 19:00:00 +0000

Type         Values Removed   Values Added
Description  -                (the CVE description quoted in full in the Description section at the top of this page)
Title        -                n8n Vulnerable to LDAP Filter Injection in LDAP Node
Weaknesses   -                CWE-90
References   -
Metrics      -                cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-25T19:11:15.782Z

Reserved: 2026-03-23T18:30:14.125Z

Link: CVE-2026-33751

Vulnrichment

Updated: 2026-03-25T19:11:09.902Z

NVD

Status : Awaiting Analysis

Published: 2026-03-25T19:16:51.670

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-33751

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T11:34:11Z

Weaknesses