Vulnerabilities4 min read
n8n Merge Node Flaw Exposes 615K Instances to RCE
CVE-2026-33660 (CVSS 9.4) lets authenticated users escape n8n's AlaSQL sandbox via the Merge node. Over 615,000 public instances potentially vulnerable.
Marcus ChenMar 31, 2026