n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities
Take action: If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.
The automation platform n8n released security updates to patch multiple vulnerabilities, including two critical remote code execution (RCE) flaws. These issues allow authenticated users with workflow creation permissions to run arbitrary commands on the host system or steal sensitive credentials.
Vulnerability summary:
- CVE-2026-33660 (CVSS score 10.0) - A sandbox escape in the Merge node's SQL mode, which is backed by the AlaSQL library. SQL statements that the sandbox does not restrict let an authenticated attacker read local files on the host. The flaw results in remote code execution and a complete takeover of the n8n instance and the server it runs on.
- CVE-2026-33696 (CVSS score 10.0) - A prototype pollution vulnerability in the GSuiteAdmin node's parameter handling. An attacker supplies crafted parameters that write malicious values onto the global Object.prototype, which every object in the process inherits, altering the core behavior of the application. An authenticated user can use this to trigger remote code execution on the n8n server with full system privileges.
- CVE-2026-33663 (CVSS score 9.9) - A credential theft vulnerability in the Community Edition caused by chained authorization flaws in the credential pipeline. A name-based resolution path combined with a bypass in the permission checker lets users with the member role access plaintext secrets, so they can decrypt and use credentials such as httpBasicAuth or httpHeaderAuth that belong to other users on the same instance.
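The advisory does not give the exact parameter path used against the GSuiteAdmin node, so the following is an added illustration rather than n8n's code: the recursive "deep merge" of user-supplied parameters that underlies most prototype pollution bugs, the effect a single `__proto__` key has on every object in the process, and a hardened merge that refuses prototype-bearing keys. The payload, the `shell` option name and the function names are assumptions chosen for the demo.

```javascript
// Added illustration, not n8n code: a vulnerable deep merge of untrusted
// parameters beside a hardened one. Names and payload are assumptions.
'use strict';

// Vulnerable: copies nested keys from untrusted JSON into a settings object.
// target["__proto__"] resolves to Object.prototype, so a key literally named
// "__proto__" walks the merge into the global prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value); // recurses into Object.prototype for "__proto__"
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: reject the three keys that reach a prototype and only descend
// into properties the target itself owns, never inherited ones.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge prototype key "${key}"`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      if (own === null || typeof own !== 'object') target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload: one legitimate-looking parameter plus a
// "__proto__" member that plants shell: true on every object. Code that later
// reads an options object (for example the { shell } option of
// child_process.spawn) would see the attacker's value on a brand-new {}.
const ATTACKER_PARAMS = JSON.parse(
  '{"options": {"timeout": 5}, "__proto__": {"shell": true, "polluted": true}}'
);

function demonstrate() {
  const fresh = () => ({});
  const before = fresh().shell;            // undefined on a clean runtime

  unsafeMerge({}, ATTACKER_PARAMS);        // merge into a throwaway object...
  const afterUnsafe = fresh().shell;       // ...yet every new object now has shell === true

  // Clean the global prototype so the hardened path is exercised on a sane runtime.
  delete Object.prototype.shell;
  delete Object.prototype.polluted;

  let rejected = false;
  try {
    safeMerge({}, ATTACKER_PARAMS);
  } catch (err) {
    rejected = true;                       // the "__proto__" key is refused outright
  }
  const afterSafe = fresh().shell;         // still undefined

  return { before, afterUnsafe, rejected, afterSafe };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demonstrate());
}
```

Rejecting the key loudly, rather than silently skipping it, is deliberate: a crafted `__proto__` in node parameters is never legitimate input, and an error surfaces the attempt in logs. Freezing `Object.prototype` at startup or parsing parameters into `Object.create(null)` objects are complementary defences for code you control.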
Exploiting these flaws leads to full system compromise and the theft of organizational data. Attackers can steal sensitive information including:
- API keys for connected services such as Slack and OpenAI
- Database credentials and passwords
- Internal workflow logic and business secrets
- Plaintext secrets from generic HTTP credentials
Because n8n connects to critical infrastructure, a breach allows attackers to move through the corporate network and access proprietary systems.
The 1.x branch before version 1.123.27 and the 2.x branches before 2.13.3 or 2.14.1 are affected. The credential theft issue (CVE-2026-33663) only affects the Community Edition; the Enterprise Edition has additional authorization gates that block the specific attack chain.
Administrators should update self-hosted instances to versions 1.123.27, 2.13.3, or 2.14.1 immediately to remediate these risks. If updating is not possible, limit workflow creation and editing permissions to only highly trusted users. You can also reduce the attack surface by disabling the vulnerable Merge and XML nodes by adding them to the NODES_EXCLUDE environment variable as a temporary measure.