{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33751", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T18:30:14.125Z", "datePublished": "2026-03-25T18:47:39.149Z", "dateUpdated": "2026-03-25T19:11:15.782Z"}, "containers": {"cna": {"title": "n8n Vulnerable to LDAP Filter Injection in LDAP Node", "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "lang": "en", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42"}], "affected": [{"vendor": "n8n-io", "product": "n8n", "versions": [{"version": "< 1.123.27", "status": "affected"}, {"version": ">= 2.0.0-rc.0, < 2.13.3", "status": "affected"}, {"version": "= 2.14.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T18:47:39.149Z"}, "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}], "source": {"advisory": "GHSA-w83q-mcmx-mh42", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T19:10:55.970733Z", "id": "CVE-2026-33751", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:11:15.782Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33751", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T19:10:55.970733Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:11:09.902Z"}}], "cna": {"title": "n8n Vulnerable to LDAP Filter Injection in LDAP Node", "source": {"advisory": "GHSA-w83q-mcmx-mh42", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "n8n-io", "product": "n8n", "versions": [{"status": "affected", "version": "< 1.123.27"}, {"status": "affected", "version": ">= 2.0.0-rc.0, < 2.13.3"}, {"status": "affected", "version": "= 2.14.0"}]}], "references": [{"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42", "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T18:47:39.149Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33751", "state": "PUBLISHED", "dateUpdated": "2026-03-25T19:11:15.782Z", "dateReserved": "2026-03-23T18:30:14.125Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-25T18:47:39.149Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}], "id": "CVE-2026-33751", "lastModified": "2026-03-25T19:16:51.670", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-25T19:16:51.670", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-90"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T20:21:09.573211+00:00", "value": {"mitigation_remediation": ["Upgrade n8n to version 1.123.27, 2.13.3, 2.14.1 or later.", "If an upgrade cannot be performed immediately, limit workflow creation and editing privileges to fully trusted users only.", "Disable the LDAP node by adding n8n-nodes-base.ldap to the NODES_EXCLUDE environment variable.", "Ensure external user input is not passed unvalidated into LDAP node search parameters via expressions."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized LDAP data exposure and authentication bypass through filter injection"}, "threat_synthesis": {"affected_systems": "n8n-io\u2019s n8n platform is affected. Vulnerable releases fall below version 1.123.27, 2.13.3, and 2.14.1. Users running any of these prior releases should consider them at risk if the LDAP node is used with external input in expressions.", "description_and_impact": "The flaw in n8n\u2019s LDAP node allows LDAP metacharacters to bypass escape filtering when user\u2011controlled input is inserted via expressions, enabling an attacker to craft malicious LDAP search filters. This can result in the retrieval of unintended LDAP records or the disruption of authentication checks built into a workflow. The weakness is a classic LDAP injection type vulnerability, classified as CWE\u201190.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.3, indicating medium severity. No EPSS score is provided, and the issue is not currently listed in CISA\u2019s KEV catalog. Exploitation requires a workflow that employs the LDAP node with user\u2011controlled data supplied via expressions\u2014such as from a form or webhook\u2014allowing attackers to manipulate the LDAP filter. The attack vector is thus indirect and limited to configured workflows, but once triggered can expose sensitive data or bypass authentication blocks."}}}}, "created": "2026-03-25T21:46:27.075005+00:00", "updated": "2026-03-25T21:46:27.075074+00:00", "vendors": []}