CVE-2026-42229 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 6, 2026
n8n - SQL Injection
Published: May 4, 2026Updated: May 6, 2026Remote Exploitable
Overview
n8n < 1.123.32, 2.17.4, 2.18.1 contains a SQL injection caused by unescaped user input concatenated into SQL queries in SeaTable node's row:search and row:get operations, letting attackers bypass row-level filtering to retrieve unintended data, exploit requires external user input passed via expressions.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can retrieve unintended rows from SeaTable bases, bypassing row-level filtering and exposing sensitive data.
Mitigation
Update to versions 1.123.32, 2.17.4, 2.18.1 or later.
Related Resources
Details
- CVE ID
- CVE-2026-42229
- Severity
- High
- CVSS Score
- 8.8
- Type
- sql_injection
- Status
- confirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H