CVE-2026-33751
Published: 2026-03-25
Priority: P4 (26), medium, CVSS 3.1 score 4.8
CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.24% (15.5th percentile)
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
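As an added illustration (not n8n's own code) of the escape step the advisory describes: an RFC 4515 filter-value escape in JavaScript beside the naive interpolation, with a constructed input that contains LDAP metacharacters and a check that counts the assertions a directory server would actually parse. The function names and the sample value are assumptions made for this example.

```javascript
// Added example, not n8n's own code. Shows why interpolating an
// expression-supplied value into an LDAP filter without RFC 4515 escaping
// changes the filter's structure, and the escaped form that keeps it intact.
// Function names and the sample input below are constructed for this example.

// Escape the RFC 4515 metacharacters of one assertion value: each of
// "\", "*", "(", ")" and NUL becomes a backslash plus two hex digits.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Naive construction: the value is dropped into the filter unchanged,
// which is the behaviour the advisory describes for the unpatched node.
function buildFilterUnescaped(attr, value) {
  return `(${attr}=${value})`;
}

// Hardened construction: the same filter with the value escaped.
function buildFilterEscaped(attr, value) {
  return `(${attr}=${escapeLdapFilterValue(value)})`;
}

// Count the assertions a directory server would parse: every unescaped
// "(" opens one. A single-attribute lookup must yield exactly one.
function countAssertions(filter) {
  let n = 0;
  for (let i = 0; i < filter.length; i++) {
    // A backslash starts a two-hex-digit escape; skipping one digit is
    // enough, because the remaining hex digit can never be "(".
    if (filter[i] === "\\") { i++; continue; }
    if (filter[i] === "(") n++;
  }
  return n;
}

// Workaround-side check for the advisory's "avoid unvalidated external
// input" advice: allow only the characters a plain identifier or e-mail needs.
function isAllowlistedFilterValue(value) {
  return /^[A-Za-z0-9._@-]{1,256}$/.test(String(value));
}

// Constructed webhook input: a benign-looking value that contains metacharacters.
const sampleInput = "Smith (Sales)*";
console.log(buildFilterUnescaped("cn", sampleInput), countAssertions(buildFilterUnescaped("cn", sampleInput)));
console.log(buildFilterEscaped("cn", sampleInput), countAssertions(buildFilterEscaped("cn", sampleInput)));
console.log(isAllowlistedFilterValue(sampleInput));
```

Even a non-malicious value such as the sample above turns one equality assertion into two when passed through unescaped, which is why the escape (or an allowlist on the expression input) has to sit between the webhook and the filter.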
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.123.27 | 1.123.27 |
| n8n-io | n8n | — | — |
| n8n-io | n8n | — | — |
| n8n | n8n | < 1.123.27 | 1.123.27 |
| n8n | n8n | — | — |
| n8n | n8n | >= 0 < 1.123.27 | 1.123.27 |
| n8n | n8n | >= 2.0.0 < 2.13.3 | 2.13.3 |
| n8n | n8n | >= 2.0.0-rc.0 < 2.13.3 | 2.13.3 |
| n8n | n8n | >= 2.14.0 < 2.14.1 | 2.14.1 |
CVSS provenance
- NVD, CVSS v3.1: 4.8 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
- NVD, CVSS v4.0: 6.3 MEDIUM, CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OSV
n8n Vulnerable to LDAP Filter Injection in LDAP Node (osv, 2026-03-26, MEDIUM)
## Impact
A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow.
Exploitation requires a specific workflow configuration:
- The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook).
## Patches
The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to re
GHSA
n8n Vulnerable to LDAP Filter Injection in LDAP Node (ghsa, 2026-03-26, MEDIUM, CWE-90)
No detection rules found.
No public exploits indexed.
Wiz
GHSA-38c7-23hj-2wgq Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-38c7-23hj-2wgq: n8n vulnerability analysis and mitigation
## Impact
An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject crafted payloads into the connected workflow.
## Patches
The issue has been fixed in n8n versions 2.6.2 and 1.123.18. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Restrict ne
Wiz
GHSA-mqpr-49jj-32rc Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-mqpr-49jj-32rc: n8n vulnerability analysis and mitigation
## Impact
An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliveries, allowing any party to spoof GitHub webhook events.
## Patches
The issue has been fixed in n8n versions 2.5.0 and 1.123.15. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Rest
Wiz
GHSA-w673-8fjw-457c Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-w673-8fjw-457c: n8n vulnerability analysis and mitigation
## Impact
An authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary external URL. The vulnerability could be used to facilitate phishing attacks.
## Patches
The issue has been fixed in n8n versions 1.123.24, 2.10.4 and 2.12.0. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
Limit workflow creation and editing permissions to
Wiz
GHSA-jh8h-6c9q-7gmw Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-jh8h-6c9q-7gmw: n8n vulnerability analysis and mitigation
## Impact
When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented.
This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default).
## Patches
The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Use a different authentication method for the Chat Trigger node, or restrict network access to the webhook
Wiz
GHSA-3c7f-5hgj-h279 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-3c7f-5hgj-h279: n8n vulnerability analysis and mitigation
## Impact
## Patches
The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
Limit workflow creation and editing permissions to fully trusted users only.
Source: NVD. Score 5.1 (MEDIUM), published March 27, 2026. CNA score: N/A. Affected technologies: n8n. Public exploit: No. CISA KEV: No (release date N/A, due date N/A). EPSS percentile: N/A.
Wiz
GHSA-fvfv-ppw4-7h2w Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-fvfv-ppw4-7h2w: n8n vulnerability analysis and mitigation
## Impact
An end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions.
## Patches
The issue has been fixed in n8n version 2.10.0. Users should upgrade to this version or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit access to trusted users.
- Review and assess the practical impact of guardrail bypasses in your use case and adjust your workflow accordingly.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Source: NVD. Score 6.3, published February 26, 202
Wiz
CVE-2026-33751 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 5.1, MEDIUM)
## CVE-2026-33751: NixOS vulnerability analysis and mitigation
Source: NVD. Score 6.3 (MEDIUM), published March 25, 2026. CNA score: 6.3. Affected technologies: NixOS, n8n. Public exploit: No. CISA KEV: No (release date N/A, due date N/A). EPSS percentile: 21.1; EPSS probability: 0.1.
Affected packages and libraries: n8n. Sources: NVD; npm (severity MEDIUM, has fix, added Mar 29, 2026); Nix (severity MEDIUM, has fix, added Mar 29, 2026).
Wiz
GHSA-q4fm-pjq6-m63g Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-q4fm-pjq6-m63g: n8n vulnerability analysis and mitigation
## Impact
An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation.
## Patches
The issue has been fixed in n8n versions 2.12.0, 2.11.2, and 1.123.25. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consid
Wiz
GHSA-f3f2-mcxc-pwjx Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-f3f2-mcxc-pwjx: n8n vulnerability analysis and mitigation
## Impact
An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted table or column names, an attacker could inject arbitrary SQL because the MySQL, PostgreSQL, and Microsoft SQL nodes did not escape identifier values when constructing queries, enabling injection through node configuration parameters.
## Patches
The issue has been fixed in n8n version 2.4.0. Users should upgrade to this version or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possibl
Wiz
GHSA-364x-8g5j-x2pr Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-364x-8g5j-x2pr: n8n vulnerability analysis and mitigation
## Impact
An authenticated user with permission to create and share credentials could craft a malicious OAuth2 credential containing a JavaScript URL in the Authorization URL field. If a victim opened the credential and interacted with the OAuth authorization button, the injected script would execute in their browser session.
## Patches
The issue has been fixed in n8n versions 2.8.0 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit credential creation and sharing permissions to fully trusted users only.
- Restrict access to the n8n inst
Wiz
GHSA-vjf3-2gpj-233v Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, CVSS 6.3, MEDIUM)
## GHSA-vjf3-2gpj-233v: n8n vulnerability analysis and mitigation
## Impact
An authenticated user signed in through Single Sign-On (SSO) could disable SSO enforcement for their own account through the n8n API. This allowed the user to create a local password and authenticate directly with email and password, completely bypassing the organization's SSO policy, centralized identity management, and any identity-provider-enforced multi-factor authentication.
## Patches
The issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
Monitor audit logs for users who create local credentials after au