⚠️ Security Alert: Critical SQL Injection in n8n
Affected Package
- Package: n8n (n8nio/n8n)
- Vulnerable Version: 1.42.1 (your current version)
- Fixed Version: 1.123.61
- CVE: CVE-2026-59257
- Severity: HIGH (CVSS 8.8)
Vulnerability Description
n8n contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated expression values directly into the raw SQL string without parameterization.
Current Configuration
Your docker-compose.yml uses image: n8nio/n8n:1.42.1 which is vulnerable.
Recommended Fix
Update to the patched version:
image: n8nio/n8n:1.123.61
Note
Version 1.42.1 is significantly outdated. Consider updating to the latest stable version for all security patches.
If you need help implementing the fix, consider supporting this security research: Buy Me a Coffee
Affected Package
Vulnerability Description
n8n contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated expression values directly into the raw SQL string without parameterization.
Current Configuration
Your docker-compose.yml uses
image: n8nio/n8n:1.42.1which is vulnerable.Recommended Fix
Update to the patched version:
Note
Version 1.42.1 is significantly outdated. Consider updating to the latest stable version for all security patches.
If you need help implementing the fix, consider supporting this security research: Buy Me a Coffee