<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Source-Control — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/source-control/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 14 May 2026 16:25:57 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/source-control/feed.xml" rel="self" type="application/rss+xml"/><item><title>n8n Source Control Pull SQL Injection Vulnerability (CVE-2026-44792)</title><link>https://feed.craftedsignal.io/briefs/2026-05-n8n-sqli/</link><pubDate>Thu, 14 May 2026 16:25:57 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-n8n-sqli/</guid><description>A SQL injection vulnerability (CVE-2026-44792) exists in n8n when using PostgreSQL and the Source Control feature, allowing an attacker with write access to the connected Git repository to inject malicious SQL via a crafted column name in a Data Table JSON file during a Source Control Pull.</description><content:encoded><![CDATA[<p>A SQL injection vulnerability (CVE-2026-44792) has been identified in n8n, a workflow automation platform. The vulnerability resides within the Source Control feature when used with a PostgreSQL database backend. An attacker with write access to the Git repository configured for Source Control can inject malicious SQL code by crafting a Data Table JSON file containing a specially crafted column name. 
When an administrator performs a Source Control Pull operation, the n8n instance imports the attacker-modified file, which then triggers the SQL injection vulnerability in the internal PostgreSQL instance. The vulnerability impacts n8n versions prior to 1.123.43, versions between 2.0.0-rc.0 and 2.20.7, and versions between 2.21.0 and 2.21.1. Successful exploitation allows the attacker to execute arbitrary SQL queries on the n8n PostgreSQL database.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker gains write access to the Git repository configured for n8n&rsquo;s Source Control feature.</li>
<li>Attacker creates a malicious Data Table JSON file. This file contains a crafted column name designed to inject SQL code when processed by n8n.</li>
<li>The malicious JSON file is committed to the Git repository.</li>
<li>An n8n administrator initiates a Source Control Pull operation within the n8n interface.</li>
<li>n8n retrieves the latest changes from the Git repository, including the attacker&rsquo;s malicious Data Table JSON file.</li>
<li>n8n attempts to import the Data Table JSON file. Due to insufficient input validation, the crafted column name is not properly sanitized.</li>
<li>The unsanitized column name is used in a dynamically constructed SQL query against the PostgreSQL database.</li>
<li>The SQL injection vulnerability is triggered, allowing the attacker to execute arbitrary SQL commands on the n8n PostgreSQL instance.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this SQL injection vulnerability (CVE-2026-44792) allows an attacker with write access to the Git repository to execute arbitrary SQL commands on the n8n PostgreSQL database. This could lead to sensitive data exfiltration, modification, or deletion. The attacker could also potentially gain control of the n8n instance or the underlying server, depending on the privileges of the database user. The impact is limited to n8n instances using PostgreSQL as the database backend.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade n8n to version 1.123.43, 2.20.7 or 2.21.1 (or later), as described in the advisory, to patch CVE-2026-44792.</li>
<li>Restrict write access to the Git repository connected to the n8n Source Control feature to only fully trusted users, as mentioned in the workarounds.</li>
<li>If upgrading is not immediately possible, disable the Source Control feature if it is not actively required to prevent exploitation of CVE-2026-44792.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>sql-injection</category><category>cve-2026-44792</category><category>source-control</category></item></channel></rss>