CVE-2026-44792
n8n Has a Source Control Pull SQL Injection
Description
## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance. Exploitation requires all of the following conditions: - The n8n instance uses PostgreSQL as its database backend. - The Source Control feature is enabled and connected to a repository the attacker can write to. - An administrator triggers a Source Control Pull. ## Patches The issue has been fixed in n8n version 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Disable the Source Control feature if it is not actively required. - Restrict write access to the connected git repository to fully trusted users only. - Avoid pulling from repositories that may have been modified by untrusted parties. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
How to fix CVE-2026-44792
To remediate CVE-2026-44792, upgrade the affected package to a fixed version below.
- —upgrade to 1.123.43 or later
Is CVE-2026-44792 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-44792.
Affected packages (1)
- from 0, < 1.123.43
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |