Impact
The vulnerability is a NoSQL injection that occurs within the MongoDB node of n8n when an authenticated user with workflow edit rights supplies a malicious filter value during a Find And Replace operation. Because the input is transmitted directly to MongoDB without validation, the attacker can craft a query that matches any documents and overwrite them with attacker‑controlled data. This flaw, classified as CWE‑89, enables unauthorized modification of data, potentially leading to data loss or corruption. The issue is fixed in n8n version 2.24.0.
Affected Systems
The affected vendor is n8n‑io and the product is n8n. Versions prior to 2.24.0 are vulnerable; 2.24.0 and later contain the fix. DB node is used in workflows and users can edit workflow configurations.
Risk and Exploitability
The CVSS score of 6.5. EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely known public exploits. Exploitation requires legitimate authentication and edit‑level permissions for a workflow; there is no remote exploitation via the public interface unless authentication is exposed. Therefore, the threat surface is limited to systems with many users who possess workflow edit rights.
OpenCVE Enrichment
Github GHSA