📄 Description (English)
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
🤖 AI Executive Summary
CVE-2026-42229 is a SQL injection vulnerability in n8n's SeaTable node affecting versions prior to 1.123.32, 2.17.4, and 2.18.1. The flaw allows attackers to manipulate SQL queries through unescaped user input in row search and retrieval operations, potentially exposing sensitive data from SeaTable databases. With a CVSS score of 8.8, this poses a significant risk to organizations using n8n for workflow automation with SeaTable integrations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 8, 2026 13:36
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in financial services, government digital transformation initiatives, and healthcare sectors using n8n for workflow automation are at elevated risk. Banking institutions (SAMA-regulated) integrating SeaTable for customer data management, government agencies (NCA oversight) automating processes with external data sources, and healthcare providers managing patient records through n8n workflows face potential data breach exposure. Energy sector organizations and telecommunications companies using n8n for operational automation could experience unauthorized access to sensitive operational data.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Manufacturing
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all n8n workflows utilizing SeaTable nodes, particularly those processing external user input
2. Identify workflows where user-controlled data flows into row:search or row:get operations
3. Implement input validation and sanitization at workflow entry points
4. Review SeaTable access logs for suspicious query patterns
Patching Guidance:
1. Upgrade n8n to versions 1.123.32, 2.17.4, or 2.18.1 immediately
2. Test patches in non-production environments before deployment
3. Coordinate upgrades during maintenance windows to minimize workflow disruption
Compensating Controls (if immediate patching unavailable):
1. Disable SeaTable node usage until patched
2. Implement network-level access controls restricting SeaTable database connections
3. Apply row-level security policies at the SeaTable database level
4. Use parameterized queries and stored procedures in SeaTable configurations
5. Implement workflow-level input validation using n8n's expression validation features
Detection Rules:
1. Monitor n8n logs for SeaTable node executions with SQL metacharacters in parameters (', ", --, ;, /**/)
2. Alert on SeaTable queries returning unexpected row counts
3. Track modifications to SeaTable node configurations in workflows
4. Monitor for unusual SeaTable API calls with complex filter expressions
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع سير العمل في n8n التي تستخدم عقد SeaTable، خاصة تلك التي تعالج مدخلات المستخدم الخارجية
2. تحديد سير العمل حيث تتدفق البيانات المتحكم فيها من قبل المستخدم إلى عمليات row:search أو row:get
3. تطبيق التحقق من صحة المدخلات والتطهير في نقاط دخول سير العمل
4. مراجعة سجلات وصول SeaTable للبحث عن أنماط الاستعلام المريبة
إرشادات التصحيح:
1. ترقية n8n إلى الإصدارات 1.123.32 أو 2.17.4 أو 2.18.1 فوراً
2. اختبار التصحيحات في بيئات غير الإنتاج قبل النشر
3. تنسيق الترقيات خلال نوافذ الصيانة لتقليل تعطل سير العمل
الضوابط البديلة (إذا لم يكن التصحيح الفوري متاحاً):
1. تعطيل استخدام عقدة SeaTable حتى يتم التصحيح
2. تطبيق ضوابط الوصول على مستوى الشبكة لتقييد اتصالات قاعدة بيانات SeaTable
3. تطبيق سياسات الأمان على مستوى الصف في مستوى قاعدة بيانات SeaTable
4. استخدام الاستعلامات المعاملة والإجراءات المخزنة في تكوينات SeaTable
5. تطبيق التحقق من صحة المدخلات على مستوى سير العمل باستخدام ميزات التحقق من التعبيرات في n8n
قواعد الكشف:
1. مراقبة سجلات n8n لتنفيذ عقدة SeaTable مع أحرف SQL الوصفية في المعاملات (', ", --, ;, /**/)
2. التنبيه على استعلامات SeaTable التي تُرجع عدد صفوف غير متوقع
3. تتبع التعديلات على تكوينات عقدة SeaTable في سير العمل
4. مراقبة استدعاءات API غير العادية في SeaTable مع تعبيرات تصفية معقدة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 - 5.2.1: Access Control and Authentication
ECC 2024 - 5.3.1: Data Protection and Encryption
ECC 2024 - 5.4.1: Application Security
ECC 2024 - 5.5.1: Vulnerability Management
🔵 SAMA CSF
SAMA CSF - Governance: Risk Management Framework
SAMA CSF - Protective: Data Protection and Privacy
SAMA CSF - Protective: Application Security
SAMA CSF - Detective: Monitoring and Logging
🟡 ISO 27001:2022
ISO 27001:2022 - A.5.1.1: Policies for information security
ISO 27001:2022 - A.8.1.1: User endpoint devices
ISO 27001:2022 - A.8.2.1: User access management
ISO 27001:2022 - A.14.2.1: Secure development policy
ISO 27001:2022 - A.14.2.5: Secure development environment
🟣 PCI DSS v4.0.1
PCI DSS 4.1: Render PAN unreadable
PCI DSS 6.5.1: Injection flaws
PCI DSS 6.2: Security patches and updates
PCI DSS 10.2: Implement automated audit trails
📦 Affected Products / CPE 3 entries
n8n:n8n
n8n:n8n
n8n:n8n:2.18.0