GHSA-8g7g-hmwm-6rv2: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
Summary
n8n-mcp versions before 2.50.1 had three security issues: (1) workflow IDs were not validated before use, which let an attacker bypass access controls and leak API keys; (2) webhook URLs followed HTTP redirects to unintended hosts, a server-side request forgery (SSRF, where the server is made to send requests to systems it should not reach); and (3) telemetry (usage data sent to the developers) stored sensitive values such as API keys without redacting them. The advisory carries a CVSS score (a 0-10 rating of severity) of 8.3 and requires an authenticated attacker with access to the n8n API.
Solution / Mitigation
Upgrade to n8n-mcp version 2.50.1 or later. If upgrading is not immediately possible, the source offers these workarounds: for issues 1 and 2, restrict network access to the HTTP port with firewall rules, or switch to stdio mode (a transport that exposes no HTTP listener); for issue 3, set the environment variable `N8N_MCP_TELEMETRY_DISABLED=true` before starting the server, or run `npx n8n-mcp telemetry disable` once.
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-8g7g-hmwm-6rv2
First tracked: May 8, 2026 at 02:00 PM