CVE-2026-42237 | n8n-io n8n up to 1.123.31/2.17.3/2.18.0 Query String sql injection (GHSA-hp3c-vfpm-q4f7)

A vulnerability was found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0 and classified as critical. Impacted is an unknown function of the component Query String Handler. Executing a manipulation can lead to sql injection.

This vulnerability is handled as CVE-2026-42237. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More