Critical n8n flaw can let attackers reach remote code execution through Merge node SQL mode

A critical n8n vulnerability can let an authenticated attacker move from workflow editing rights to remote code execution on the host server. GitHub’s advisory for n8n says the bug affects the Merge node’s “Combine by SQL” mode, where the AlaSQL sandbox did not properly restrict certain SQL statements. The impact is serious because the attacker […] The post Critical n8n flaw can let attackers reach remote code execution through Merge node SQL mode appeared first on VPN Central.