CVE 8.9 HIGH

n8n: Source Control Pull SQL Injection_CVE-2026-44792

June 23, 2026 invoker category_cve

8.9 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance. Exploitation requires the n8n instance uses PostgreSQL as its database backend, the Source Control feature is enabled and connected to a repository the attacker can write to, and an administrator triggers a Source Control Pull. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

AI Analysis

SQL injection vulnerability in n8n Source Control configuration

Basic Information

ID CVE-2026-44792

Source GitHub_M

Published Jun 23, 2026 at 15:55

Modified Jun 23, 2026 at 17:44

Affected Product

Vendor n8n-io

Product n8n

Version < 1.123.43

Affected Versions n8n-io n8n < 1.123.43
n8n-io n8n >= 2.0.0-rc.0, < 2.20.7
n8n-io n8n >= 2.21.0, < 2.21.1

CWE Classification

CWE-89

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor n8n-io

Product n8n

Version < 1.123.43, < 2.20.7, < 2.21.1

References

github.com /n8n-io/n8n/security/advisories/GHSA-mhrx-qhrj-673w

{
    "lastseen": "",
    "description": "n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance. Exploitation requires the n8n instance uses PostgreSQL as its database backend, the Source Control feature is enabled and connected to a repository the attacker can write to, and an administrator triggers a Source Control Pull. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.",
    "published": "2026-06-23T15:55:30.252Z",
    "modified": "2026-06-23T17:44:07.800Z",
    "type": "cve",
    "title": "n8n: Source Control Pull SQL Injection",
    "source": "GitHub_M",
    "references": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mhrx-qhrj-673w",
    "id": "CVE-2026-44792",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n8n-io n8n < 1.123.43\nn8n-io n8n >= 2.0.0-rc.0, < 2.20.7\nn8n-io n8n >= 2.21.0, < 2.21.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n8n",
    "version": "< 1.123.43",
    "vendor": "n8n-io",
    "ai_description": "SQL injection vulnerability in n8n Source Control configuration",
    "ai_severity": "High",
    "ai_vendor": "n8n-io",
    "ai_product": "n8n",
    "ai_version": "< 1.123.43, < 2.20.7, < 2.21.1",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply