9 Total advisories
9 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 8.1
CVE-2026-45707
n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
MEDIUM 6.5
CVE-2026-45582
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
UNKNOWN
CVE-2026-44694
n8n-mcp webhook and API client paths has an authenticated SSRF
MEDIUM 4.3
CVE-2026-42282
n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode
MEDIUM 5.3
CVE-2026-41495
n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
HIGH 8.5
CVE-2026-42449
n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders
HIGH 8.3
GHSA-8g7g-hmwm-6rv2
n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
HIGH 8.2
GHSA-75hx-xj24-mqrw
n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport
HIGH 8.5
CVE-2026-39974
n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode
Ready to move
Start Securing
Free, no credit card | First findings in minutes