Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit a8fa1b0c25be · 2026-03-26T16:43:08.000Z
GHSA-98c2-4cr3-4jc3 GHSA-mxrg-77hm-89hv
diff --git a/advisories/github-reviewed/2026/03/GHSA-98c2-4cr3-4jc3/GHSA-98c2-4cr3-4jc3.json b/advisories/github-reviewed/2026/03/GHSA-98c2-4cr3-4jc3/GHSA-98c2-4cr3-4jc3.json
@@ -0,0 +1,106 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-98c2-4cr3-4jc3",
+  "modified": "2026-03-26T16:41:26Z",
+  "published": "2026-03-26T16:41:26Z",
+  "aliases": [
+    "CVE-2026-33713"
+  ],
+  "summary": "n8n has SQL Injection in Data Table Node via orderByColumn Expression",
+  "details": "## Impact\nAn authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement execution is possible, enabling data modification and deletion.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Data Table node by adding `n8n-nodes-base.dataTable` to the `NODES_EXCLUDE` environment variable.\n- Review existing workflows for Data Table Get nodes where `orderByColumn` is set to an expression that incorporates external or user-supplied input.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "n8n"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.123.26"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "n8n"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.14.0"
+            },
+            {
+              "fixed": "2.14.1"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "2.14.0"
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "n8n"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.0.0-rc.0"
+            },
+            {
+              "fixed": "2.13.3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33713"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/n8n-io/n8n"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-26T16:41:26Z",
+    "nvd_published_at": "2026-03-25T18:16:32Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-mxrg-77hm-89hv/GHSA-mxrg-77hm-89hv.json b/advisories/github-reviewed/2026/03/GHSA-mxrg-77hm-89hv/GHSA-mxrg-77hm-89hv.json
@@ -0,0 +1,106 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mxrg-77hm-89hv",
+  "modified": "2026-03-26T16:41:01Z",
+  "published": "2026-03-26T16:41:01Z",
+  "aliases": [
+    "CVE-2026-33696"
+  ],
+  "summary": "n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE",
+  "details": "## Impact\nAn authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the GSuiteAdmin node. By supplying a crafted parameter as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance.\n\n## Patches\nThe issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "n8n"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.14.0"
+            },
+            {
+              "fixed": "2.14.1"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "2.14.0"
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "n8n"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.0.0-rc.0"
+            },
+            {
+              "fixed": "2.13.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "n8n"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.123.27"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33696"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/n8n-io/n8n"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1321"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-26T16:41:01Z",
+    "nvd_published_at": "2026-03-25T18:16:32Z"
+  }
+}
