Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SeaTable node in n8n prior to versions 1.123.32, 2.17.4, and 2.18.1 allows user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. This SQL injection flaw enables an attacker to manipulate the query to retrieve unintended rows from the linked SeaTable base, effectively bypassing any row‑level filtering logic defined in the workflow. The result is that confidential data can be disclosed to an unauthorized party.

Affected Systems

Affected systems are installations of the open‑source workflow automation platform n8n provided by n8n‑io. Any instance using an earlier release than 1.123.32 for version 1.x, 2.17.4 for 2.x, or 2.18.1 for the latest 2.x branch is vulnerable. The flaw originates in the SeaTable node’s row:search and row:get operations.

Risk and Exploitability

The CVSS score of 5.3 reflects a moderate severity with medium confidentiality impact and no authentication requirement. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog, suggesting a relatively low exploitation probability. The likely attack vector is through expressions that supply external user input to the SeaTable node; an attacker can craft the input within a workflow that is executed by the system, making the vulnerability exploitable in a deployed environment.

Generated by OpenCVE AI on May 4, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1 or later to apply the vendor patch.
  • If upgrading immediately is not possible, remove or disable SeaTable nodes that receive untrusted input, or restrict the expressions to trusted data only.
  • Apply defensive input validation or sanitization on data passed to the SeaTable node and review all workflows for potential unfiltered user input.
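
One way to carry out the workflow review recommended above, as an added example that is not code from n8n or OpenCVE: it lists SeaTable row:search and row:get nodes in an exported workflow JSON whose parameters are expressions, so each can be checked for untrusted input. The node type id, the parameter names in the sample, and the assumption that `resource` and `operation` are stored explicitly in the export are assumptions; the sample workflow is constructed.

```javascript
// Added example (not n8n project code): list SeaTable row:search / row:get
// nodes in an exported workflow whose parameters are n8n expressions.
const SEATABLE_TYPE = 'n8n-nodes-base.seaTable'; // assumed node type id
const AFFECTED_OPS = new Set(['search', 'get']);  // operations named in the advisory

// n8n stores an expression parameter as a string that starts with "=".
const isExpression = (v) => typeof v === 'string' && v.startsWith('=');

// Walk nested parameters and return every expression with its dotted path.
function expressionParams(value, path = '') {
  if (isExpression(value)) return [{ path, value }];
  if (value === null || typeof value !== 'object') return [];
  return Object.entries(value).flatMap(([key, child]) =>
    expressionParams(child, path ? `${path}.${key}` : key));
}

function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    if (node.type !== SEATABLE_TYPE) continue;
    const params = node.parameters ?? {};
    // Assumption: resource and operation are stored explicitly in the export.
    if (params.resource !== 'row' || !AFFECTED_OPS.has(params.operation)) continue;
    for (const hit of expressionParams(params)) {
      findings.push({ node: node.name, operation: `row:${params.operation}`, ...hit });
    }
  }
  return findings;
}

// Constructed sample export; node and parameter names are illustrative.
const sampleWorkflow = {
  name: 'Customer lookup (constructed)',
  nodes: [
    { name: 'Webhook', type: 'n8n-nodes-base.webhook', parameters: { path: 'lookup' } },
    { name: 'Search rows', type: SEATABLE_TYPE, parameters: {
      resource: 'row', operation: 'search', tableName: 'Customers',
      searchColumn: 'email', searchTerm: '={{ $json.query.email }}' } },
    { name: 'Get fixed row', type: SEATABLE_TYPE, parameters: {
      resource: 'row', operation: 'get', tableName: 'Customers', rowId: 'row-id-placeholder' } },
    { name: 'Create row', type: SEATABLE_TYPE, parameters: {
      resource: 'row', operation: 'create', tableName: 'Log', note: '={{ $json.body.note }}' } },
  ],
};

console.log(JSON.stringify(auditWorkflow(sampleWorkflow), null, 2));
```

A finding means the parameter is dynamic, not that it is attacker-controlled; trace each flagged expression back to its data source before deciding whether the node needs to be disabled or restricted.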



Advisories
Source: GitHub GHSA
ID: GHSA-mp4j-h6gh-f6mp
Title: n8n has SQL Injection in SeaTable Node

History

Wed, 06 May 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*, cpe:2.3:a:n8n:n8n:2.18.0:*:*:*:enterprise:node.js:*:*
Metrics cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 05 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared N8n, N8n n8n
Vendors & Products N8n, N8n n8n

Tue, 05 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title n8n: SQL Injection in SeaTable Node
Weaknesses CWE-89
References
Metrics cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T15:00:25.477Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42229

Vulnrichment

Updated: 2026-05-05T15:00:14.092Z

NVD

Status: Analyzed

Published: 2026-05-04T19:16:05.060

Modified: 2026-05-06T14:56:49.967

Link: CVE-2026-42229

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T21:30:05Z

Weaknesses