n8n SQL Injection Vulnerability in Snowflake and Legacy MySQL v1 Nodes

A SQL injection vulnerability has been identified in the open-source workflow automation platform n8n, affecting versions prior to 1.123.32, 2.17.4, and 2.18.1. The issue arises in the Snowflake node and the legacy MySQL v1 node, where SQL queries are constructed by directly inserting user-controlled table names, column names, and update keys into query strings without proper escaping. This oversight allows for SQL injection attacks against the connected database. Exploitation requires specific workflow configurations that involve passing unvalidated external user input into identifier fields via expressions.

Impact

Successful exploitation of this vulnerability could lead to unauthorized data access, modification, or deletion in the affected database.

Remediation

Users are advised to upgrade to n8n versions 1.123.32, 2.17.4, or 2.18.1. If an immediate upgrade is not possible, consider limiting workflow permissions to trusted users, migrating from the legacy MySQL v1 node to the MySQL v2 node, disabling the Snowflake node, or avoiding the use of unvalidated external input in the affected nodes.