What is the CVSS score of CVE-2026-45582?

CVE-2026-45582 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Is there a patch available for CVE-2026-45582?

Yes, a patch is available for CVE-2026-45582. Update the affected software to the latest version immediately.

n8n-mcp CVE-2026-45582

MEDIUM

Insertion of Sensitive Information Into Sent Data (CWE-201)

2026-05-18 https://github.com/czlonkowski/n8n-mcp

GHSA-f3rg-xqjj-cj9w

Information Disclosure

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 18, 2026 - 14:02 vuln.today

Analysis Generated

May 18, 2026 - 14:02 vuln.today

DescriptionNVD

Summary

In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters - such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters - could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md.

Impact

Operators with access to the project's telemetry backend could read partial fragments of workflow URL parameters that should not have been collected. The bug was scoped to URL-shaped fields in workflow *definitions*; credentials, OAuth tokens, and workflow *execution* data are not affected - credentials are removed by a separate code path, and long secrets and known-provider tokens are matched by dedicated patterns.

Patches

Fixed in n8n-mcp 2.51.3. Upgrading is the recommended remediation.

Workarounds

For users who cannot upgrade immediately, disable anonymous telemetry by setting any of these environment variables to true:

N8N_MCP_TELEMETRY_DISABLED
TELEMETRY_DISABLED
DISABLE_TELEMETRY

Credit

Reported by @u-ktdi.

AnalysisAI

Incomplete telemetry sanitization in n8n-mcp (all versions before 2.51.3) caused the WorkflowSanitizer to transmit partial URL paths and query strings - including customer IDs, tenant identifiers, signed-request parameters, and short tokens below the 20-character generic-token threshold - to the project's anonymous Supabase-hosted telemetry backend. Any operator with read access to the telemetry_workflows or workflow_mutations Supabase tables could retrieve these fragments from workflow definitions, contrary to the privacy guarantees documented in PRIVACY.md. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45582 vulnerability details – vuln.today

Back

n8n-mcp CVE-2026-45582

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Summary

Impact

Patches

Workarounds

Credit

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code