{"data":{"id":"04ce1603-cd67-403d-a930-29f2ba2d4ada","title":"GHSA-c37g-w77q-m4vp: n8n: SQL Injection in Postgres v1/TimescaleDB Nodes","summary":"n8n, a workflow automation tool, has a SQL injection vulnerability (a flaw that lets attackers insert malicious database commands) in its Postgres v1 and TimescaleDB nodes. An authenticated user with permission to create or edit workflows could exploit this to run arbitrary SQL commands against connected databases with the privileges of the configured database account.","solution":"The issue has been fixed in n8n versions 2.25.7 and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability. As temporary workarounds, administrators can limit workflow creation and editing permissions to fully trusted users only, or disable the Postgres and TimescaleDB nodes by adding `n8n-nodes-base.postgres` and `n8n-nodes-base.timescaleDb` to the `NODES_EXCLUDE` environment variable. However, the source notes that these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-c37g-w77q-m4vp","publishedAt":"2026-06-16T17:51:32.000Z","cveId":"CVE-2026-54310","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":["n8n@< 2.25.7 (fixed: 2.25.7)","n8n@>= 2.26.0, < 2.26.2 (fixed: 
2.26.2)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-16T17:51:32.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}