n8n Merge Node Arbitrary File Write Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability exists in the Merge node's SQL Query mode in n8n, an open-source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, authenticated users with permission to create or modify workflows could write arbitrary files to the n8n server's filesystem. This file write capability potentially allowed for remote code execution.

Impact

Exploitation of this vulnerability could lead to arbitrary file writing on the server, with the potential for remote code execution.

Remediation

Users should upgrade to n8n version 2.4.0 or 1.118.0. If an immediate upgrade is not possible, consider limiting workflow creation and editing permissions to trusted users, disabling or restricting the Merge node's use, and reviewing workflows for suspicious SQL Query mode usage.
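The workflow review suggested above can be scripted against exported workflow JSON. The following is an added example, not code from n8n or from this advisory. It assumes the Merge node is identified by the type string "n8n-nodes-base.merge" and that SQL Query mode is stored as the mode value "combineBySql" with the statement in a "query" parameter; the sample export is constructed. It lists every Merge node in SQL Query mode, with its query, so a reviewer can inspect each one by hand.

```python
import json

# Assumptions (not stated in the advisory): the Merge node's type string and the
# parameter value that selects SQL Query mode in exported workflow JSON.
MERGE_TYPE = "n8n-nodes-base.merge"
SQL_MODE = "combineBySql"

# Constructed sample export: two workflows, one Merge node in SQL Query mode.
SAMPLE_EXPORT = json.dumps([
    {"id": "wf-001", "name": "Nightly CRM sync", "active": True, "nodes": [
        {"name": "Merge", "type": MERGE_TYPE,
         "parameters": {"mode": "append"}},
    ]},
    {"id": "wf-002", "name": "Report join", "active": False, "nodes": [
        {"name": "Edit Fields", "type": "n8n-nodes-base.set", "parameters": {}},
        {"name": "Join by SQL", "type": MERGE_TYPE,
         "parameters": {"mode": SQL_MODE,
                        "query": "SELECT * FROM input1 LEFT JOIN input2 "
                                 "ON input1.id = input2.id"}},
    ]},
])


def find_sql_merge_nodes(export_text):
    """Return one record per Merge node in SQL Query mode, for manual review."""
    doc = json.loads(export_text)
    workflows = doc if isinstance(doc, list) else [doc]  # single or bulk export
    findings = []
    for wf in workflows:
        if not isinstance(wf, dict):
            continue
        for node in wf.get("nodes") or []:
            if not isinstance(node, dict) or node.get("type") != MERGE_TYPE:
                continue
            params = node.get("parameters") or {}
            if params.get("mode") != SQL_MODE:
                continue
            findings.append({
                "workflow_id": wf.get("id"),
                "workflow": wf.get("name"),
                "active": bool(wf.get("active")),
                "node": node.get("name"),
                "query": params.get("query", ""),
            })
    return findings


if __name__ == "__main__":
    for f in find_sql_merge_nodes(SAMPLE_EXPORT):
        print(f"{f['workflow_id']} {f['workflow']!r} active={f['active']} "
              f"node={f['node']!r}\n    query: {f['query']}")
```

An empty result only means no Merge node in the export uses SQL Query mode under the assumed field names; confirm those names against a workflow exported from your own instance before relying on it.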

Added: Feb 4, 2026, 5:22 PM
Updated: Feb 4, 2026, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 0.8
exploitability: 4.9
remediation: 7.9
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.