js · n8n · Heads-up
n8n SQL Injection in TimescaleDB and Postgres v1 Nodes
What changed
SQL injection vulnerability in TimescaleDB and legacy Postgres v1 nodes allows arbitrary SQL execution.
Who it affects
Authenticated users with permission to create or modify workflows using TimescaleDB or Postgres v1 nodes.
What to do today
Upgrade n8n to version 2.25.7 or 2.26.2, or apply workarounds: restrict workflow permissions and disable affected nodes via NODES_EXCLUDE.
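Before restricting permissions or excluding nodes, it helps to know which workflows use the affected nodes. The following is an added example, not code from n8n or the advisory: it scans exported workflow JSON for TimescaleDB nodes and Postgres nodes below version 2. The node type strings, the `typeVersion` cutoff and the sample workflows are assumptions to check against your own export.

```javascript
// Added example, not n8n project code. The type names below are assumptions
// based on n8n's "n8n-nodes-base.<name>" convention; verify on your instance.
const TIMESCALE_TYPE = "n8n-nodes-base.timescaleDb"; // assumed type name
const POSTGRES_TYPE = "n8n-nodes-base.postgres"; // assumed type name

// In scope: any TimescaleDB node, or a Postgres node whose typeVersion is
// below 2 (treated here as the legacy v1 node; this cutoff is an assumption).
function isAffectedNode(node) {
  if (!node || typeof node.type !== "string") return false;
  if (node.type === TIMESCALE_TYPE) return true;
  if (node.type === POSTGRES_TYPE) {
    const version = Number(node.typeVersion ?? 1); // missing version: assume v1
    return Number.isFinite(version) ? version < 2 : true; // unparsable: flag it
  }
  return false;
}

// Returns one finding per affected node across a list of exported workflows.
function findAffectedNodes(workflows) {
  const findings = [];
  for (const wf of workflows) {
    const nodes = Array.isArray(wf.nodes) ? wf.nodes : [];
    for (const node of nodes.filter(isAffectedNode)) {
      findings.push({
        workflow: wf.name ?? "(unnamed)",
        active: Boolean(wf.active),
        node: node.name ?? "(unnamed)",
        type: node.type,
        typeVersion: node.typeVersion ?? null,
      });
    }
  }
  return findings;
}

// Constructed sample export (not real data).
const sampleWorkflows = [
  { name: "nightly-report", active: true, nodes: [
    { name: "Read rows", type: POSTGRES_TYPE, typeVersion: 1 },
    { name: "Edit fields", type: "n8n-nodes-base.set", typeVersion: 3 },
  ] },
  { name: "metrics-ingest", active: false, nodes: [{ name: "Insert", type: TIMESCALE_TYPE, typeVersion: 1 }] },
  { name: "crm-sync", active: true, nodes: [{ name: "Upsert", type: POSTGRES_TYPE, typeVersion: 2.5 }] },
];

for (const f of findAffectedNodes(sampleWorkflows)) {
  console.log(`${f.workflow} / ${f.node}: ${f.type} v${f.typeVersion} (active: ${f.active})`);
}
```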
Source
GitHub Advisory · n8n