Skip to main content

n8n EUVDEUVD-2026-38468

| CVE-2026-54309 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-06-16 https://github.com/n8n-io/n8n GHSA-qrx8-25qr-5r7v
8.8
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.4 CRITICAL

Network-reachable endpoint with no auth (PR:N, UI:N); driving a live browser yields high confidentiality and integrity impact, low availability.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jun 23, 2026 - 17:14 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 17:13 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 23, 2026 - 17:07 vuln.today
cvss_changed
CVSS changed
Jun 23, 2026 - 17:07 NVD
10.0 (HIGH) 8.8 (HIGH)
Source Code Evidence Fetched
Jun 17, 2026 - 00:14 vuln.today
Analysis Generated
Jun 17, 2026 - 00:14 vuln.today

DescriptionCVE.org

Impact

When @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools.

Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile.

This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). The default transport is stdio, which is not affected.

Patches

The issue has been fixed in n8n versions 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Avoid running @n8n/mcp-browser with the HTTP transport; use the default stdio transport instead.
  • If HTTP transport is required, restrict network access to the listening port to trusted clients only using host-based firewall rules.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

Unauthenticated browser hijacking in n8n's @n8n/mcp-browser package (versions <2.25.7 and 2.26.0-2.26.1) allows any network-reachable attacker or malicious website to invoke browser-control tools against a victim's real browser profile when HTTP transport is enabled. No public exploit identified at time of analysis, but the missing-authentication flaw (CWE-306) requires only that the operator started the MCP endpoint with --transport http and has the n8n AI Browser Bridge extension active.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify host running @n8n/mcp-browser HTTP endpoint
Delivery
Lure victim to attacker-controlled web page
Exploit
Browser issues cross-origin POST to MCP port
Execution
Initialize unauthenticated MCP session
Persist
Invoke navigation and JS-eval tools
Impact
Exfiltrate cookies and authenticated session data

Vulnerability AssessmentAI

Exploitation Exploitation requires that the operator launched @n8n/mcp-browser with the --transport http flag (non-default; default stdio is not vulnerable), that the n8n AI Browser Bridge browser extension is installed, and that an active browser connection exists between the extension and the MCP server. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 8.8 (AV:N/AC:L/AT:N/PR:N/UI:N, VC:L/VI:H/VA:L) is well-justified for the affected configuration: no authentication, no user interaction, and high integrity impact because an attacker can drive an authenticated browser session. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An operator runs @n8n/mcp-browser with --transport http on a workstation that also has the n8n AI Browser Bridge extension connected to their logged-in Chrome profile. The user then visits an attacker-controlled webpage, which issues a cross-origin POST to the local MCP endpoint to initialize a session and invoke the navigation and JavaScript-evaluation tools, exfiltrating session cookies and authenticated content from sites the victim is logged into.
Remediation Vendor-released patch: upgrade n8n to 2.25.7 (for the 2.25.x line) or 2.26.2 (for the 2.26.x line) or later, per GHSA-qrx8-25qr-5r7v (https://github.com/n8n-io/n8n/security/advisories/GHSA-qrx8-25qr-5r7v). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all n8n deployments running @n8n/mcp-browser and verify which have HTTP transport enabled; audit active instances. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38468 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy