CVE-2026-54310
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 node, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account.
Risk Assessment
This vulnerability could lead to unauthorized access to database data, posing a serious threat to the integrity and confidentiality of information within the organization.
Recommendation
It is recommended to update n8n to versions 2.25.7 or 2.26.2 to mitigate this vulnerability and review user permissions to reduce risk.
Original NVD description (English source)
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account. This vulnerability is fixed in 2.25.7 and 2.26.2.

