{"data":{"id":"1fde9d45-6846-4ec5-ae15-95073476b3ce","title":"GHSA-cmrh-wvq6-wm9r: n8n-mcp webhook and API client paths has an authenticated SSRF","summary":"An authenticated SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests to internal services) vulnerability affects n8n-mcp's webhook and API client features. An attacker with access to the system can make the n8n-mcp host send HTTP requests to internal services or cloud credential endpoints that should be blocked, allowing them to steal credentials or enumerate internal systems.","solution":"Fixed in n8n-mcp@2.50.2. If you cannot upgrade immediately, the source suggests three workarounds: (1) Restrict network egress from the n8n-mcp host using a firewall or cloud security group to deny cloud metadata IPs (169.254.169.254, 169.254.170.2, 100.100.100.200, 192.0.0.192, and GCP metadata.google.internal) and RFC1918 networks; (2) Run in stdio mode instead of HTTP if multi-tenant mode is not needed; (3) Disable workflow management tools via `DISABLED_TOOLS=n8n_trigger_webhook_workflow,n8n_create_workflow,n8n_test_workflow` if not needed. Additionally, if N8N_API_URL points to localhost or a private network address, set `WEBHOOK_SECURITY_MODE=moderate` (allows localhost, blocks private networks and cloud metadata) or `WEBHOOK_SECURITY_MODE=permissive` (allows private networks too, only safe on trusted networks).","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-cmrh-wvq6-wm9r","publishedAt":"2026-05-08T16:59:17.000Z","cveId":"CVE-2026-44694","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n-mcp@>= 2.18.7, < 2.50.2 (fixed: 2.50.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n","n8n-mcp"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-08T16:59:17.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010","AML.T0051"]}}