Description
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with attacker-controlled content. This vulnerability is fixed in 2.24.0.
Published: 2026-06-23
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a NoSQL injection that occurs within the MongoDB node of n8n when an authenticated user with workflow edit rights supplies a malicious filter value during a Find And Replace operation. Because the input is transmitted directly to MongoDB without validation, the attacker can craft a query that matches any documents and overwrite them with attacker‑controlled data. This flaw, classified as CWE‑89, enables unauthorized modification of data, potentially leading to data loss or corruption. The issue is fixed in n8n version 2.24.0.

Affected Systems

The affected vendor is n8n‑io and the product is n8n. Versions prior to 2.24.0 are vulnerable; 2.24.0 and later contain the fix. DB node is used in workflows and users can edit workflow configurations.

Risk and Exploitability

The CVSS score of 6.5. EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely known public exploits. Exploitation requires legitimate authentication and edit‑level permissions for a workflow; there is no remote exploitation via the public interface unless authentication is exposed. Therefore, the threat surface is limited to systems with many users who possess workflow edit rights.

Generated by OpenCVE AI on June 24, 2026 at 11:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply n8n version 2.24.0 or later
  • Restrict workflow edit permissions to trusted users only
  • Review existing workflows for potentially malicious filter values

Generated by OpenCVE AI on June 24, 2026 at 11:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-jpq7-226w-6cxx n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with attacker-controlled content. This vulnerability is fixed in 2.24.0.
Title n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 6.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:03:29.099Z

Reserved: 2026-06-12T18:42:02.222Z

Link: CVE-2026-54313

cve-icon Vulnrichment

Updated: 2026-06-23T16:32:17.435Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')