All 5 CVE vulnerabilities found in n8n-mcp, with AI-generated Chinese analysis, references, and POCs.
Vendor: czlonkowski
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-44694 | n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths CWE-367 | - | - | 2026-05-08 |
| CVE-2026-42282 | n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode CWE-532 | 4.3 | Medium | 2026-05-08 |
| CVE-2026-41495 | n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests CWE-532 | 5.3 | Medium | 2026-05-08 |
| CVE-2026-42449 | n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders CWE-918 | 8.5 | High | 2026-05-07 |
| CVE-2026-39974 | n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode CWE-918 | 8.5 | High | 2026-04-09 |
All 5 known CVE vulnerabilities affecting n8n-mcp with full Chinese analysis, references, and POCs where available.