Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SeaTable node in n8n prior to versions 1.123.32, 2.17.4, and 2.18.1 allows user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. This SQL injection flaw enables an attacker to manipulate the query to retrieve unintended rows from the linked SeaTable base, effectively bypassing any row-level filtering logic defined in the workflow. The result is that confidential data can be disclosed to an unauthorized party.

Affected Systems

Affected systems are installations of the open-source workflow automation platform n8n provided by n8n-io. Any instance running a release earlier than 1.123.32 on the 1.x branch, earlier than 2.17.4 on 2.x, or earlier than 2.18.1 on the latest 2.x branch is vulnerable. The flaw originates in the SeaTable node's row:search and row:get operations.

Risk and Exploitability

The CVSS score of 5.3 reflects moderate severity, with medium confidentiality impact and no authentication requirement. No EPSS score is available, and the issue is not listed in the CISA KEV catalog, suggesting a relatively low exploitation probability. The likely attack vector is an expression that feeds external user input into the SeaTable node's search or row retrieval parameters; an attacker who controls that input can influence the query executed by a deployed workflow, so the vulnerability is exploitable in a production environment.

Generated by OpenCVE AI on May 4, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1 or later to apply the vendor patch.
  • If upgrading immediately is not possible, remove or disable SeaTable nodes that receive untrusted input, or restrict the expressions to trusted data only.
  • Apply defensive input validation or sanitization on data passed to the SeaTable node and review all workflows for potential unfiltered user input.

Tracking


Advisories

No advisories yet.

History

Mon, 04 May 2026 19:00:00 +0000

Change record (no values removed for any field; values added listed below):

Description (added): n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title (added): n8n: SQL Injection in SeaTable Node
Weaknesses (added): CWE-89
References (added): none
Metrics (added): cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T18:27:44.785Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42229

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-04T19:16:05.060

Modified: 2026-05-04T19:16:05.060

Link: CVE-2026-42229

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T20:30:08Z

Weaknesses