{"data":{"id":"67ce6bc2-1b78-4c38-b386-f45aff5684c6","title":"GHSA-mp4j-h6gh-f6mp: n8n has SQL Injection in SeaTable Node","summary":"A SQL injection (inserting malicious code into database queries) flaw in n8n's SeaTable node allowed attackers to manipulate search and row retrieval operations when user-controlled input was passed into the node without proper safeguards, potentially exposing unintended database rows. The vulnerability required a specific workflow setup where external input from sources like forms or webhooks was directly used in search parameters.","solution":"The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, temporary mitigations include: restricting workflow creation and editing permissions to trusted users only; disabling the SeaTable node by adding `n8n-nodes-base.seaTable` to the `NODES_EXCLUDE` environment variable; and avoiding unvalidated external user input in SeaTable node parameters.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp","publishedAt":"2026-04-29T21:10:58.000Z","cveId":"CVE-2026-42229","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0, < 2.17.4 (fixed: 2.17.4)","n8n@>= 2.18.0, < 2.18.1 (fixed: 2.18.1)","n8n@< 1.123.32 (fixed: 1.123.32)"],"affectedVendors":[],"affectedVendorsRaw":["n8n","SeaTable"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-29T21:10:58.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}