{"data":{"id":"a4e54c98-27ca-4bac-86ba-efacf5c77e37","title":"GHSA-mhrx-qhrj-673w: n8n Has a Source Control Pull SQL Injection","summary":"n8n (a workflow automation platform) has a SQL injection vulnerability (a type of attack where malicious code is inserted into database queries) in its Source Control Pull feature. An attacker with write access to a connected git repository could commit a malicious file that, when pulled by an administrator, executes harmful SQL commands on n8n's internal PostgreSQL database (the system that stores data).","solution":"The issue has been fixed in n8n version 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should: disable the Source Control feature if not actively required, restrict write access to the connected git repository to fully trusted users only, or avoid pulling from repositories that may have been modified by untrusted parties. The source notes these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mhrx-qhrj-673w","publishedAt":"2026-05-14T16:18:00.000Z","cveId":"CVE-2026-44792","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0-rc.0, < 2.20.7 (fixed: 2.20.7)","n8n@>= 2.21.0, < 2.21.1 (fixed: 2.21.1)","n8n@< 1.123.43 (fixed: 1.123.43)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T16:18:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}