
n8n CVE-2026-54310

MEDIUM
SQL Injection (CWE-89)
2026-06-16 https://github.com/n8n-io/n8n GHSA-c37g-w77q-m4vp
9.9
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory: 9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

vuln.today AI: 9.9 CRITICAL

The network-accessible n8n web UI requires only the low-privilege workflow editor role; the SQL injection escapes the application into the database (S:C), yielding full confidentiality, integrity and availability impact on database contents.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Source Code Evidence Fetched: Jun 16, 2026 - 18:26 (vuln.today)
Analysis Generated: Jun 16, 2026 - 18:26 (vuln.today)
CVE Published: Jun 16, 2026 - 17:51 (github-advisory)

Description (GitHub Advisory)

Impact

An authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 nodes, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account.

Patches

The issue has been fixed in n8n versions 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the Postgres and TimescaleDB nodes by adding n8n-nodes-base.postgres and n8n-nodes-base.timescaleDb to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Analysis (AI)

SQL injection in n8n's legacy Postgres v1 and TimescaleDB workflow nodes allows an authenticated workflow editor to inject and execute arbitrary SQL against the connected database, operating under the privileges of the configured database account. Affected versions span all n8n npm releases below 2.25.7 and the 2.26.0-2.26.1 range, with the CVSS 9.9 score reflecting a confirmed scope change: the injection escapes the n8n application layer into the underlying database system (S:C), enabling full confidentiality, integrity, and availability compromise of database contents. …
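The bug class the advisory describes is a table or column name taken from a user-editable node parameter and spliced into SQL text. The snippet below shows that pattern beside a hardened form that quotes identifiers and binds values. It is an added illustration written for this page, not n8n's own code or its fix: the function names, the `{text, values}` query shape (the form the node-postgres driver accepts) and every input are constructed for the example.

```javascript
// Added illustration of the identifier-injection pattern, not n8n's code.
// All inputs are constructed examples.

// VULNERABLE pattern: identifiers and values concatenated straight into SQL.
// A table name such as `users; DROP TABLE secrets; --` ends the intended
// statement and appends another one.
function buildSelectVulnerable(table, column, value) {
  return `SELECT ${column} FROM ${table} WHERE ${column} = '${value}'`;
}

// Quote an identifier the way PostgreSQL expects: wrap it in double quotes and
// double any embedded double quote. Inside those quotes a semicolon, space or
// comment marker is just part of the name and cannot start a new statement.
// Length and NUL checks mirror PostgreSQL's identifier rules (63-byte limit).
function quoteIdent(name) {
  if (typeof name !== 'string' || name.length === 0) {
    throw new TypeError('identifier must be a non-empty string');
  }
  if (name.includes('\0')) {
    throw new TypeError('identifier must not contain NUL');
  }
  if (new TextEncoder().encode(name).length > 63) {
    throw new RangeError('identifier exceeds the PostgreSQL 63-byte limit');
  }
  return '"' + name.replace(/"/g, '""') + '"';
}

// HARDENED pattern: quoted identifiers plus a bind parameter ($1) for the
// value. Returns {text, values}, which node-postgres `client.query` accepts, so
// the driver sends the value out of band instead of inside the SQL text.
function buildSelectSafe(table, column, value) {
  const col = quoteIdent(column);
  return {
    text: `SELECT ${col} FROM ${quoteIdent(table)} WHERE ${col} = $1`,
    values: [value],
  };
}

// Stricter option when the legitimate tables are known up front: with an
// allowlist, an untrusted workflow editor cannot even name an arbitrary table.
function buildSelectAllowlisted(table, column, value, allowedTables) {
  if (!allowedTables.has(table)) {
    throw new Error(`table not in allowlist: ${JSON.stringify(table)}`);
  }
  return buildSelectSafe(table, column, value);
}

// Count top-level statements in SQL text, ignoring semicolons inside single-
// or double-quoted strings/identifiers and after `--` line comments. A simple
// last-line check that a node parameter produced exactly one statement.
function countStatements(sql) {
  let count = 0;
  let quote = null;     // the quote character we are currently inside, if any
  let sawToken = false; // whether the current statement has any content yet
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (quote) {
      if (ch === quote) {
        if (sql[i + 1] === quote) i++; // doubled quote is a literal quote char
        else quote = null;
      }
      continue;
    }
    if (ch === "'" || ch === '"') { quote = ch; sawToken = true; continue; }
    if (ch === '-' && sql[i + 1] === '-') { // line comment: skip to end of line
      while (i < sql.length && sql[i] !== '\n') i++;
      continue;
    }
    if (ch === ';') { if (sawToken) count++; sawToken = false; continue; }
    if (!/\s/.test(ch)) sawToken = true;
  }
  return sawToken ? count + 1 : count;
}
```

Run against the constructed table name `users; DROP TABLE secrets; --`, the vulnerable builder yields two statements while the hardened builder yields one, because the whole malicious name ends up inside a quoted identifier and the value travels as a bind parameter. The allowlist variant rejects the name outright, which is the closest code-level analogue of the advisory's workaround of restricting who may edit workflows.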


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate to n8n with workflow editor credentials
Delivery: Create or modify a workflow containing a Postgres v1 or TimescaleDB node
Exploit: Inject a crafted SQL payload into node parameters
Execution: n8n executes the unsanitized query against the connected database
Persist: Exfiltrate, modify, or destroy database contents
Impact: Escalate via database account privileges if over-permissioned

Vulnerability Assessment (AI)

Exploitation: The attacker must be authenticated to the n8n instance and hold a role that permits creating or modifying workflows; this is not a default end-user capability and requires explicit permission assignment by an n8n administrator. …

Risk Assessment: The vendor-assigned CVSS 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) is well-calibrated and independently corroborated by the advisory description. …

Exploit Scenario: An attacker who holds n8n credentials with workflow editor rights creates or modifies a workflow, embedding SQL injection payloads within the parameters of a Postgres v1 or TimescaleDB node, for example by crafting a table name or query field that terminates the intended SQL and appends a malicious statement such as a UNION SELECT to exfiltrate credential tables or a DROP TABLE to destroy data. The injected SQL executes server-side under the identity of the database account configured in the n8n credential store, meaning a DBA-level account could yield full database control or even OS command execution via PostgreSQL's `COPY TO PROGRAM`. …

Remediation: The primary remediation is to upgrade n8n to version 2.25.7 or 2.26.2 (or any later release), as confirmed by the vendor advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-c37g-w77q-m4vp. …
