{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-44792/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["n8n"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-44792","source-control"],"_cs_type":"advisory","_cs_vendors":["n8n GmbH"],"content_html":"\u003cp\u003eA SQL injection vulnerability (CVE-2026-44792) has been identified in n8n, a workflow automation platform. The vulnerability resides in the Source Control feature when n8n is backed by a PostgreSQL database. An attacker with write access to the Git repository configured for Source Control can inject SQL by committing a Data Table JSON file whose column name carries the payload. When an administrator performs a Source Control Pull, the n8n instance imports the attacker-modified file and the crafted column name ends up in a dynamically constructed SQL statement run against the configured PostgreSQL database. Affected versions are n8n prior to 1.123.43, 2.0.0-rc.0 up to but not including 2.20.7, and 2.21.0 up to but not including 2.21.1 (the first fixed releases are listed under Recommendation). Successful exploitation allows the attacker to execute arbitrary SQL queries on the n8n PostgreSQL database.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains write access to the Git repository configured for n8n\u0026rsquo;s Source Control feature.\u003c/li\u003e\n\u003cli\u003eAttacker creates a malicious Data Table JSON file. 
This file contains a crafted column name designed to inject SQL when n8n processes it.\u003c/li\u003e\n\u003cli\u003eThe malicious JSON file is committed to the Git repository.\u003c/li\u003e\n\u003cli\u003eAn n8n administrator initiates a Source Control Pull operation within the n8n interface.\u003c/li\u003e\n\u003cli\u003en8n retrieves the latest changes from the Git repository, including the attacker\u0026rsquo;s malicious Data Table JSON file.\u003c/li\u003e\n\u003cli\u003en8n attempts to import the Data Table JSON file. Due to insufficient input validation, the crafted column name is not properly sanitized.\u003c/li\u003e\n\u003cli\u003eThe unsanitized column name is used in a dynamically constructed SQL query against the PostgreSQL database.\u003c/li\u003e\n\u003cli\u003eThe SQL injection is triggered, allowing the attacker to execute arbitrary SQL commands on the n8n PostgreSQL instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-44792) allows an attacker with write access to the Git repository to execute arbitrary SQL commands on the n8n PostgreSQL database, without any network access to the database itself: the administrator\u0026rsquo;s own Pull runs the statement. This could lead to exfiltration, modification, or deletion of the data n8n stores there. Whether the attacker can go further and take control of the n8n instance or the underlying server depends on the privileges of the database role n8n connects with; an instance whose role is a PostgreSQL superuser is exposed far more than one using a role limited to its own schema, so check that role as part of triage. 
The impact is limited to n8n instances that use PostgreSQL as the database backend and have the Source Control feature configured.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to a fixed version: 1.123.43 on the 1.x line, 2.20.7 on the 2.20 line, or 2.21.1 or later, as described in the advisory for CVE-2026-44792.\u003c/li\u003e\n\u003cli\u003eRestrict write access to the Git repository connected to the n8n Source Control feature to fully trusted users only, as mentioned in the workarounds; anyone who can push to that repository can reach the database of every instance that pulls from it, so treat push rights as equivalent to database access.\u003c/li\u003e\n\u003cli\u003eReview changes to Data Table JSON files, column names in particular, before performing a Source Control Pull on an unpatched instance.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, disable the Source Control feature if it is not actively required to prevent exploitation of CVE-2026-44792.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:25:57Z","date_published":"2026-05-14T16:25:57Z","id":"https://feed.craftedsignal.io/briefs/2026-05-n8n-sqli/","summary":"A SQL injection vulnerability (CVE-2026-44792) exists in n8n when using PostgreSQL and the Source Control feature, allowing an attacker with write access to the connected Git repository to inject malicious SQL via a crafted column name in a Data Table JSON file during a Source Control Pull.","title":"n8n Source Control Pull SQL Injection Vulnerability (CVE-2026-44792)","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-44792","version":"https://jsonfeed.org/version/1.1"}
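Added example, not code from n8n or from the advisory above: it illustrates the bug class behind steps 6 and 7 of the attack chain (an attacker-controlled column name from a Data Table JSON file spliced into DDL) next to the two fixes that close it, and gives a small pre-pull check of the kind the Recommendation section suggests. The Data Table JSON layout, the function names, the type mapping and the sample file are all assumptions made for this example; n8n's real export format and internals are not shown here.

```typescript
// Added illustration for this brief; not n8n's code. Shows how an
// attacker-controlled column name from a Data Table JSON file becomes SQL
// injection when interpolated into DDL, and how identifier quoting plus an
// allow-list prevent it. The JSON layout, function names and type mapping
// below are ASSUMPTIONS for the example, not n8n's real format.

interface DataTableColumn { name: string; type: string }
interface DataTableFile { name: string; columns: DataTableColumn[] }

// Constructed sample of a malicious file as it might be committed to the
// Source Control repository. The second column name closes the quoted
// identifier, terminates the statement and appends a second one.
export const MALICIOUS_FILE: DataTableFile = {
  name: "customers",
  columns: [
    { name: "email", type: "string" },
    { name: 'x" TEXT; DROP TABLE "user"; --', type: "string" },
  ],
};

// Assumed mapping of Data Table column types to PostgreSQL types. Resolving
// the type through a fixed table (with an own-property check so keys such as
// "constructor" do not resolve) keeps the type field out of the injection
// surface as well.
const PG_TYPES: Record<string, string> = {
  string: "TEXT",
  number: "DOUBLE PRECISION",
  boolean: "BOOLEAN",
  date: "TIMESTAMPTZ",
};

export function pgType(t: string): string {
  if (!Object.prototype.hasOwnProperty.call(PG_TYPES, t)) {
    throw new Error(`unsupported column type ${JSON.stringify(t)}`);
  }
  return PG_TYPES[t];
}

// Vulnerable pattern: the column name is pasted into the statement. Wrapping
// it in double quotes is not enough, because a double quote inside the name
// ends the identifier early and the rest of the name becomes SQL.
export function buildAddColumnUnsafe(table: string, col: DataTableColumn): string {
  return `ALTER TABLE "${table}" ADD COLUMN "${col.name}" ${pgType(col.type)}`;
}

// Fix 1: quote the identifier the way PostgreSQL expects (double every
// embedded double quote). This alone turns the payload into one odd-looking
// but harmless column name.
export function quoteIdent(name: string): string {
  if (name.includes("\0")) throw new Error("NUL byte in identifier");
  return '"' + name.replace(/"/g, '""') + '"';
}

// Fix 2: only accept plain identifiers (PostgreSQL truncates names at 63
// bytes, hence the length cap). Anything read from a Git checkout should
// have to pass this before it reaches a query builder at all.
const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;

export function isSafeIdentifier(name: string): boolean {
  return IDENT_RE.test(name);
}

// Hardened builder: allow-list first, proper quoting second.
export function buildAddColumnSafe(table: string, col: DataTableColumn): string {
  for (const ident of [table, col.name]) {
    if (!isSafeIdentifier(ident)) {
      throw new Error(`rejected identifier ${JSON.stringify(ident)}`);
    }
  }
  return `ALTER TABLE ${quoteIdent(table)} ADD COLUMN ${quoteIdent(col.name)} ${pgType(col.type)}`;
}

// Parse one Data Table JSON file (assumed layout) with a shape check, so the
// same allow-list can be run over a checkout before anyone clicks Pull.
export function parseDataTableFile(json: string): DataTableFile {
  const v = JSON.parse(json);
  if (typeof v !== "object" || v === null || typeof v.name !== "string" || !Array.isArray(v.columns)) {
    throw new Error("not a Data Table file");
  }
  for (const c of v.columns) {
    if (typeof c !== "object" || c === null || typeof c.name !== "string" || typeof c.type !== "string") {
      throw new Error("malformed column entry");
    }
  }
  return v as DataTableFile;
}

// Pre-pull check: list every table or column name that would fail the
// allow-list. An empty result means no identifier in these files could reach
// the DDL builder with SQL metacharacters in it.
export function findUnsafeColumns(files: DataTableFile[]): string[] {
  const findings: string[] = [];
  for (const f of files) {
    if (!isSafeIdentifier(f.name)) findings.push(`table ${JSON.stringify(f.name)}`);
    for (const c of f.columns) {
      if (!isSafeIdentifier(c.name)) findings.push(`${f.name}.${JSON.stringify(c.name)}`);
    }
  }
  return findings;
}
```

Running `buildAddColumnUnsafe("customers", MALICIOUS_FILE.columns[1])` yields `ALTER TABLE "customers" ADD COLUMN "x" TEXT; DROP TABLE "user"; --" TEXT`, two statements where one was intended; `buildAddColumnSafe` rejects the same column before any SQL is built, and `quoteIdent` on its own would have produced a single harmless identifier. Reading each Data Table JSON file from a checkout through `parseDataTableFile` and passing the results to `findUnsafeColumns` is a cheap review step for an unpatched instance; it is a reviewer aid and not a substitute for upgrading.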