{"data":{"id":"170b58de-146a-402a-b9a6-24fd9bf227a4","title":"GHSA-56c3-vfp2-5qqj: n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders","summary":"A security flaw in n8n-mcp's URL validation allowed attackers to bypass SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests) protections using IPv4-mapped IPv6 addresses like `http://[::ffff:169.254.169.254]`. This could let an attacker who controls the `n8nApiUrl` input force the server to request sensitive data from cloud metadata endpoints, private networks, or localhost services, and the responses would be returned to the attacker along with API credentials.","solution":"Upgrade to **v2.47.14 or later** (via `npx n8n-mcp@latest` for npm or `docker pull ghcr.io/czlonkowski/n8n-mcp:latest` for Docker). If immediate upgrade is not possible, the source mentions three workarounds: (1) validate URLs before passing them to the SDK by rejecting IP literal hostnames and accepting only DNS-resolvable hostnames; (2) restrict outbound network traffic from the n8n-mcp process to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), and cloud metadata endpoints; and (3) do not accept user-controlled `n8nApiUrl` values and derive the URL from internal configuration only.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-56c3-vfp2-5qqj","publishedAt":"2026-04-30T18:12:54.000Z","cveId":"CVE-2026-42449","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n-mcp@>= 2.47.4, < 2.47.14 (fixed: 2.47.14)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n-mcp","n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-30T18:12:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}