CVE-2026-33751 is a medium-severity LDAP Injection vulnerability identified in the open-source workflow automation platform n8n. The issue stems from improper neutralization of special LDAP metacharacters within the LDAP node's filter escape logic prior to versions 1.123.27, 2.13.3, and 2.14.1. Specifically, when user-controlled input is interpolated into LDAP search filters via expressions in workflows, the input is not properly escaped, allowing attackers to inject malicious LDAP queries. This can lead to unauthorized retrieval of LDAP records or bypass of authentication mechanisms implemented within the workflow. Exploitation requires a workflow that uses the LDAP node with external user input passed through expressions, such as from forms or webhooks, making the attack vector dependent on specific workflow configurations. The vulnerability does not require authentication or user interaction, increasing its risk if such workflows are exposed. The issue was publicly disclosed and fixed in the specified versions, with no known exploits in the wild at the time of publication. Temporary mitigations include restricting workflow creation and editing to trusted users, disabling the LDAP node via environment variables, and avoiding passing unvalidated external input into LDAP filters. However, these mitigations do not fully eliminate the risk and upgrading remains the recommended solution.

The impact of this vulnerability is significant for organizations using n8n workflows that integrate with LDAP directories and accept external user input. An attacker exploiting this flaw could manipulate LDAP queries to retrieve sensitive directory information beyond intended scope, potentially exposing user credentials, group memberships, or other confidential data. Additionally, attackers might bypass authentication checks implemented in workflows, leading to unauthorized access to internal systems or data. This could facilitate further lateral movement, privilege escalation, or data exfiltration within affected environments. Since n8n is used globally for automation and integration tasks, organizations relying on LDAP-based authentication or directory lookups in workflows are at risk. The vulnerability's exploitation does not require authentication or user interaction, increasing the threat surface if workflows are exposed to external inputs. However, the need for specific workflow configurations limits the scope somewhat. Overall, the vulnerability poses a medium risk but could have severe consequences in sensitive or high-value environments.

To mitigate CVE-2026-33751, organizations should prioritize upgrading n8n to versions 1.123.27, 2.13.3, 2.14.1, or later where the vulnerability is fixed. Until upgrades can be applied, restrict workflow creation and editing permissions strictly to fully trusted administrators to prevent introduction of vulnerable workflows. Consider disabling the LDAP node entirely by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable to eliminate the attack vector temporarily. Avoid passing any unvalidated or user-controlled external input into LDAP node search parameters via expressions; implement strict input validation and sanitization if such input is necessary. Review existing workflows for use of the LDAP node with external inputs and refactor or remove risky configurations. Monitor logs for unusual LDAP query patterns or unexpected access to directory data. Employ network segmentation and access controls to limit exposure of n8n instances and LDAP servers. Finally, maintain an incident response plan to quickly address any suspected exploitation attempts.