{"data":{"id":"1cbce343-29e2-4a88-9ae7-e402cfb588de","title":"GHSA-j6r7-6fhx-77wx: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments","summary":"In n8n-MCP (a tool for connecting AI models to workflows), multi-tenant HTTP deployments (where one server serves multiple separate user groups) did not properly isolate workflow version backups. This meant an authenticated user from one tenant could read, delete, or destroy backup snapshots belonging to other tenants, potentially exposing sensitive information like credentials and authorization headers stored in those backups.","solution":"Upgrade to version 2.56.1, which isolates stored version history per instance so tenants can only access their own backups. The upgrade runs a one-time migration to isolate existing history and clear previously un-scoped backups. If immediate upgrade is not possible, users can disable the workflow version tool by setting `DISABLED_TOOLS=n8n_workflow_versions` in the server environment (for example, in your Docker `.env` file), or run each tenant from a separate instance with its own database instead of multi-tenant mode, or restrict network access to the HTTP endpoint to trusted operators only.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-j6r7-6fhx-77wx","publishedAt":"2026-07-14T19:07:14.000Z","cveId":"CVE-2026-54052","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["n8n-mcp@<= 2.56.0 (fixed: 2.56.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n-MCP","n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-14T19:07:14.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}