n8n-mcp vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-45707Highn8n-mcp: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers…CVE-2026-45582Mediumn8n-mcp: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parametersGHSA-8G7G-HMWM-6RV2Highn8n-mcp: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposureCVE-2026-44694Highn8n-mcp: n8n-mcp webhook and API client paths has an authenticated SSRFCVE-2026-42449Highn8n-mcp: n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full…CVE-2026-42282Mediumn8n-mcp: n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP modeCVE-2026-41495Mediumn8n-mcp: n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp RequestsGHSA-75HX-XJ24-MQRWHighn8n-mcp: n8n-mcp has unauthenticated session termination and information disclosure in HTTP transportCVE-2026-39974Highn8n-mcp: n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Stop the waste.
Protect your environment with Kodem.