Skip to main content

N8N Mcp

1 CVEs product

Monthly

CVE-2026-42282 npm MEDIUM PATCH This Month

n8n-MCP prior to version 2.47.13 logs sensitive credential material from authenticated MCP tool-call requests when running in HTTP transport mode, allowing disclosure of bearer tokens, OAuth credentials, API keys, and webhook authentication headers to any system with access to server logs. The vulnerability requires valid authentication (AUTH_TOKEN) and affects deployments where logs are collected, forwarded to external systems, or viewable outside the request trust boundary; no public exploit code has been identified.

RCE N8N Mcp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

n8n-MCP prior to version 2.47.13 logs sensitive credential material from authenticated MCP tool-call requests when running in HTTP transport mode, allowing disclosure of bearer tokens, OAuth credentials, API keys, and webhook authentication headers to any system with access to server logs. The vulnerability requires valid authentication (AUTH_TOKEN) and affects deployments where logs are collected, forwarded to external systems, or viewable outside the request trust boundary; no public exploit code has been identified.

RCE N8N Mcp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy