Critical n8n RCE Vulnerability (CVE-2024-29023) Patched

Emy Elsamnoudy
March 30, 2026

Key Takeaways

  • A critical remote code execution (RCE) vulnerability, CVE-2026-33660, has been discovered in n8n, an open-source workflow automation platform.
  • The flaw allows authenticated attackers to bypass security sandboxes within the “Merge” node, leading to full host server compromise.
  • The vulnerability carries a Critical severity rating (CVSS 3.1 and 4.0) and requires only low-level privileges for exploitation.
  • n8n has released patches; immediate updates are strongly recommended for all users.

Critical RCE Flaw in n8n Exposes Host Servers to Full Compromise

A significant security vulnerability has been identified within n8n, a popular open-source platform for workflow automation, potentially allowing remote code execution (RCE) on host servers. This critical flaw poses a severe risk to organizations that rely on n8n for their automated processes.

Table of Contents

  • Key Takeaways
  • Critical RCE Flaw in n8n Exposes Host Servers to Full Compromise
  • AlaSQL Sandbox Escape Facilitates Server Takeover
  • What You Should Do

Designated as CVE-2026-33660, the vulnerability enables authenticated attackers to circumvent existing security controls, access sensitive data, and ultimately gain complete control over the underlying server instance hosting n8n.

AlaSQL Sandbox Escape Facilitates Server Takeover

The root cause of this vulnerability lies within the “Merge” node of n8n workflows, specifically when users activate the “Combine by SQL” mode. n8n runs these SQL operations inside an AlaSQL sandbox that is meant to confine them. However, security researchers found that this sandbox inadequately restricts certain SQL statements.

Due to improper control over code generation from external input (classified as CWE-94: Code Injection), attackers can inject malicious instructions through this node. If an attacker possesses the basic permission to create or modify workflows, they can exploit this sandbox escape to read local files directly from the n8n host system.

This initial access can then be escalated to execute arbitrary code remotely, granting attackers deep administrative privileges on the server infrastructure.
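Because the exposure is tied to one node in one mode, the first defensive question is which workflows actually use it. The following is an added example for this article, not code from n8n or from the author: it scans exported workflow JSON and lists every Merge node configured for SQL combining. It assumes, without confirmation from the article, that an export is a JSON object with a top-level `nodes` list, that each node carries `type`, `name` and `parameters`, and that the “Combine by SQL” mode is stored as `parameters["mode"] == "combineBySql"`; the sample exports are constructed.

```python
"""Audit exported n8n workflows for Merge nodes in "Combine by SQL" mode.

Added example for this article; it is not code from n8n or from the article.
Assumptions (not stated by the article): a workflow export is a JSON object with
a top-level "nodes" list, each node has "type", "name" and "parameters" keys, and
the "Combine by SQL" mode is stored as parameters["mode"] == "combineBySql".
Adjust the two constants below if your exports differ.
"""
import json

MERGE_NODE_TYPE = "n8n-nodes-base.merge"  # node type named in the article
SQL_MODE_VALUE = "combineBySql"            # assumed parameter value for "Combine by SQL"


def find_sql_merge_nodes(workflow: dict) -> list:
    """Return one record per Merge node in `workflow` that uses the SQL combine mode."""
    hits = []
    for node in workflow.get("nodes", []):
        if node.get("type") != MERGE_NODE_TYPE:
            continue
        params = node.get("parameters") or {}
        if params.get("mode") == SQL_MODE_VALUE:
            hits.append({
                "workflow": workflow.get("name", "<unnamed>"),
                "node": node.get("name", "<unnamed>"),
                "query": params.get("query", ""),
            })
    return hits


def audit_exports(exports: list) -> tuple:
    """Parse each JSON export; return (findings, number of exports that failed to parse)."""
    findings, unreadable = [], 0
    for raw in exports:
        try:
            workflow = json.loads(raw)
        except json.JSONDecodeError:
            unreadable += 1  # count instead of crashing so one bad file does not hide the rest
            continue
        findings.extend(find_sql_merge_nodes(workflow))
    return findings, unreadable


# Constructed sample exports for demonstration; these are not real workflows.
SAMPLE_EXPORTS = [
    json.dumps({
        "name": "invoice-sync",
        "nodes": [
            {"name": "Merge A", "type": MERGE_NODE_TYPE,
             "parameters": {"mode": SQL_MODE_VALUE,
                            "query": "SELECT * FROM input1 LEFT JOIN input2 ON input1.id = input2.id"}},
            {"name": "Merge B", "type": MERGE_NODE_TYPE,
             "parameters": {"mode": "append"}},
        ],
    }),
    json.dumps({"name": "ticket-router",
                "nodes": [{"name": "Set", "type": "n8n-nodes-base.set", "parameters": {}}]}),
    "{not valid json",
]

if __name__ == "__main__":
    found, bad = audit_exports(SAMPLE_EXPORTS)
    for f in found:
        print(f"{f['workflow']}: node '{f['node']}' uses Combine by SQL: {f['query']}")
    print(f"{len(found)} SQL-mode Merge node(s) found; {bad} export(s) could not be parsed")
```

Run it over the JSON files produced by your n8n export of choice; the resulting list is the set of workflows whose owners need to be contacted before the node is disabled, and a non-zero unreadable count tells you which exports to re-check rather than assume clean.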

Both CVSS 3.1 and CVSS 4.0 frameworks assign a Critical severity rating to CVE-2026-33660, underscoring the severe threat it presents to enterprise automation environments. The attack vector is strictly network-based and has low complexity. Alarmingly, exploitation requires no user interaction and only necessitates low-level privileges.

Once an attacker compromises any account with workflow editing capabilities, they can pivot to a full server takeover, thereby compromising the confidentiality, integrity, and availability of the entire system.

The n8n development team has officially released patches for this issue in their latest GitHub releases. Security teams and system administrators are strongly advised to update their n8n instances immediately to prevent potential exploitation.

What You Should Do

  • Apply Patches Immediately: Update your n8n instances to the latest patched versions as soon as possible. This is the only permanent solution.
  • Audit User Permissions: Review and strictly limit workflow creation and modification permissions to only fully trusted personnel.
  • Implement Temporary Mitigations (If Patching is Delayed):
    • Disable the vulnerable component by adding n8n-nodes-base.merge to the NODES_EXCLUDE environment variable.
  • Monitor for Suspicious Activity: Regularly monitor n8n logs and server activity for any signs of unauthorized access or unusual behavior.
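The temporary mitigation above hinges on the exact contents of one environment variable, and an existing NODES_EXCLUDE value is easy to clobber or to mis-quote. The following is an added example for this article, not code from n8n or from the author: it reads the current value, reports whether the Merge node is already excluded, and produces a corrected value that preserves any exclusions already present. It assumes NODES_EXCLUDE holds a JSON array of node type names, the form used in n8n's configuration documentation, which the article itself does not show.

```python
"""Check and repair the NODES_EXCLUDE setting so the Merge node is not loaded.

Added example for this article; it is not code from n8n or from the article.
It assumes NODES_EXCLUDE holds a JSON array of node type names (the form n8n's
configuration documentation uses for this variable; the article does not show it).
"""
import json
import os
from typing import List, Optional

MERGE_NODE_TYPE = "n8n-nodes-base.merge"  # the component the article says to exclude


def parse_nodes_exclude(value: Optional[str]) -> List[str]:
    """Decode a NODES_EXCLUDE value; unset or empty means no exclusions.

    Raises ValueError for anything that is not a JSON array of strings, because a
    malformed value would silently exclude nothing.
    """
    if value is None or value.strip() == "":
        return []
    try:
        parsed = json.loads(value)
    except json.JSONDecodeError as exc:
        raise ValueError(f"NODES_EXCLUDE is not valid JSON: {value!r}") from exc
    if not isinstance(parsed, list) or not all(isinstance(x, str) for x in parsed):
        raise ValueError(f"NODES_EXCLUDE must be a JSON array of strings: {value!r}")
    return parsed


def is_merge_excluded(value: Optional[str]) -> bool:
    """True when the current NODES_EXCLUDE value already lists the Merge node."""
    return MERGE_NODE_TYPE in parse_nodes_exclude(value)


def with_merge_excluded(value: Optional[str]) -> str:
    """Return a NODES_EXCLUDE value that keeps existing exclusions and adds the Merge node once."""
    nodes = parse_nodes_exclude(value)
    if MERGE_NODE_TYPE not in nodes:
        nodes.append(MERGE_NODE_TYPE)
    return json.dumps(nodes)


if __name__ == "__main__":
    current = os.environ.get("NODES_EXCLUDE")
    if is_merge_excluded(current):
        print("Merge node already excluded:", current)
    else:
        # Printed in shell form; set it however your deployment configures n8n's environment.
        print("Merge node NOT excluded. Set:")
        print(f"  NODES_EXCLUDE='{with_merge_excluded(current)}'")
```

Run it on the host (or in the container) with n8n's environment loaded; restart n8n after changing the variable, and re-run to confirm the new value actually took effect. The ValueError on malformed input is deliberate: a value that fails to parse would leave every node enabled, which is exactly the state the mitigation is meant to end.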

All Rights Reserved by HackersRadar ©2026