AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-wxx7-mcgf-j869: n8n has Potential Remote Code Execution via Merge Node

criticalvulnerability

security

Source: GitHub Advisory DatabaseFebruary 25, 2026CVE-2026-27497

Summary

n8n, a workflow automation tool, has a vulnerability where authenticated users with workflow editing permissions could use the Merge node's SQL query mode to execute arbitrary code (running any commands they want on the server) and write files to the n8n server. This is a serious security issue because it lets trusted insiders cause significant damage.

Solution / Mitigation

The vulnerability is fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22 or later. If upgrading immediately is not possible, administrators can temporarily restrict workflow creation and editing permissions to only fully trusted users, or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable (a configuration setting that tells n8n which features to turn off). Note: these workarounds do not fully eliminate the risk and are only short-term measures.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Affected Packages

n8n@>= 2.10.0, < 2.10.1 (fixed: 2.10.1)n8n@>= 2.0.0, < 2.9.3 (fixed: 2.9.3)n8n@< 1.123.22 (fixed: 1.123.22)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 25, 2026 at 11:00 PM

Classified by LLM (prompt v3) · confidence: 85%