Skip to main content

CVE-2026-55608

MEDIUM
Information Exposure (CWE-200)
2026-07-14 https://github.com/czlonkowski/n8n-mcp GHSA-2cf7-hpwf-47h9
4.2
CVSS 3.1 · Vendor: https://github.com/czlonkowski/n8n-mcp
Share

Severity by source

Vendor (https://github.com/czlonkowski/n8n-mcp) PRIMARY
4.2 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (https://github.com/czlonkowski/n8n-mcp) · only source for this CVE.

CVSS VectorVendor: https://github.com/czlonkowski/n8n-mcp

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

DescriptionCVE.org

Summary

In multi-tenant HTTP mode (ENABLE_MULTI_TENANT=true), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope workflow_versions backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability.

Impact

An authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope - for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected.

Affected versions

<= 2.57.3

Patched version

2.57.4

Remediation

Upgrade to n8n-mcp 2.57.4 or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant.

Workarounds

  • Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it.
  • Run in stdio mode, which has no multi-tenant HTTP surface.
  • If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure.

Credit

Reported by @DavidCarliez.

Analysis

## Summary In multi-tenant HTTP mode (ENABLE_MULTI_TENANT=true), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope workflow_versions backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55608 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy