Is CVE-2026-56351 in the CISA KEV catalog?

No. CVE-2026-56351 is not currently on the CISA Known Exploited Vulnerabilities list.

What is the CVSS severity of CVE-2026-56351?

CVE-2026-56351 has a CVSS v3 base score of 8.2 (HIGH).

CVE & CISA-KEV Catalog

CVE-2026-56351

HIGH

8.2

CVSS v3

NVD

Description

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integrity.

CWE-89SQL Injection

CVSS v3 Vector

Exploitability

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredLow

User InteractionNone

ScopeChanged

Impact

ConfidentialityHigh

IntegrityHigh

AvailabilityNone

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Exploit Intelligence

EPSS data unavailable for this CVE.

References

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-24.