{"url":"http://public2.vulnerablecode.io/api/packages/1066257?format=json","purl":"pkg:npm/n8n-mcp@2.48.0","type":"npm","namespace":"","name":"n8n-mcp","version":"2.48.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.50.2","latest_non_vulnerable_version":"2.51.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360308?format=json","vulnerability_id":"VCID-97fb-ukcd-nbf7","summary":"n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure\n## Impact\n\n`n8n-mcp` versions before 2.50.1 contained three independently-reported issues affecting deployments that run the n8n API integration:\n\n1. **Caller-supplied identifiers were not validated before being used as URL path segments** by the n8n API client. An authenticated MCP caller passing a crafted workflow id could cause outbound requests carrying the configured n8n API key to land on other same-origin endpoints, bypassing handler-level access controls (including `DISABLED_TOOLS`).\n\n2. **Validated webhook, form, and chat trigger URLs followed redirects.** A URL that passed initial validation could redirect the outbound request to a host that would otherwise have been rejected, with the response body returned to the caller. Reachable as non-blind SSRF over authenticated MCP calls.\n\n3. **Mutation telemetry stored unredacted operation payloads.** On instances running with the default opt-in telemetry, partial-update operation diffs were uploaded without redaction. Operation values can carry the same node-parameter values the workflow contains, including bearer tokens, API keys, and webhook secrets.\n\n## Severity\n\nCVSS 8.3 (HIGH). Exploitation requires an authenticated MCP caller and an n8n API integration configured with an n8n API key.\n\n## Patched versions\n\nUpgrade to `n8n-mcp >= 2.50.1`.\n\n## Workarounds\n\n- For issues (1) and (2): restrict network access to the HTTP transport (firewall, reverse-proxy ACL, or VPN) so only trusted callers can reach the MCP HTTP port; or switch to stdio mode, which exposes no HTTP surface for these issues.\n- For issue (3): set `N8N_MCP_TELEMETRY_DISABLED=true` in the environment before starting the server, or run `npx n8n-mcp telemetry disable` once.\n\n## Credit\n\nReported by @cybercraftsolutionsllc.","references":[{"reference_url":"https://github.com/czlonkowski/n8n-mcp","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/czlonkowski/n8n-mcp"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp/commit/1cfe9c6bddb4b1634e6e23323c18ea35fd196999","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/czlonkowski/n8n-mcp/commit/1cfe9c6bddb4b1634e6e23323c18ea35fd196999"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.50.1","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.50.1"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-8g7g-hmwm-6rv2","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-8g7g-hmwm-6rv2"},{"reference_url":"https://github.com/advisories/GHSA-8g7g-hmwm-6rv2","reference_id":"GHSA-8g7g-hmwm-6rv2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8g7g-hmwm-6rv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375536?format=json","purl":"pkg:npm/n8n-mcp@2.50.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fcdh-t5cn-67h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n-mcp@2.50.1"}],"aliases":["GHSA-8g7g-hmwm-6rv2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97fb-ukcd-nbf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67622?format=json","vulnerability_id":"VCID-fcdh-t5cn-67h5","summary":"n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. This issue has been patched in version 2.50.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44694","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04475","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44694"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/czlonkowski/n8n-mcp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44694","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44694"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp/commit/bcaba839409d470abeb4a6ad9b361b553a1098eb","reference_id":"bcaba839409d470abeb4a6ad9b361b553a1098eb","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:05:45Z/"}],"url":"https://github.com/czlonkowski/n8n-mcp/commit/bcaba839409d470abeb4a6ad9b361b553a1098eb"},{"reference_url":"https://github.com/advisories/GHSA-cmrh-wvq6-wm9r","reference_id":"GHSA-cmrh-wvq6-wm9r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cmrh-wvq6-wm9r"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-cmrh-wvq6-wm9r","reference_id":"GHSA-cmrh-wvq6-wm9r","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:05:45Z/"}],"url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-cmrh-wvq6-wm9r"},{"reference_url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.50.2","reference_id":"v2.50.2","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:05:45Z/"}],"url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.50.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376061?format=json","purl":"pkg:npm/n8n-mcp@2.50.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n-mcp@2.50.2"}],"aliases":["CVE-2026-44694","GHSA-cmrh-wvq6-wm9r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcdh-t5cn-67h5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n-mcp@2.48.0"}