CVE-2026-45707

8.1 HIGH

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations

Published: 2026-05-29 · Last updated: 2026-06-01

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-284

Affected products

Vendor	Product
n8n-mcp	n8n-mcp

Description

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level N8N_API_URL / N8N_API_KEY credentials configured for the operator's own n8n instance. As a result, an authenticated MCP tenant could cause n8n management calls to execute against the operator's instance instead of its own. This affects HTTP-mode deployments of n8n-mcp that are run as a shared multi-tenant service. Single-tenant deployments (ENABLE_MULTI_TENANT unset or false) are not affected. This vulnerability is fixed in 2.51.2.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-45582 — n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations (6.5 MEDIUM)

Same CWE

CVE-2026-47261 — Wasmtime is a runtime for WebAssembly (7.5 HIGH)
CVE-2026-5230 — Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc (7.1 HIGH)
CVE-2026-12212 — A vulnerability has been found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
CVE-2026-12203 — A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215 (5.3 MEDIUM)
CVE-2026-53520 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)