GHSA-j6r7-6fhx-77wx: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments
Summary
In n8n-MCP (a tool for connecting AI models to workflows), multi-tenant HTTP deployments (where one server serves multiple separate user groups) did not properly isolate workflow version backups. This meant an authenticated user from one tenant could read, delete, or destroy backup snapshots belonging to other tenants, potentially exposing sensitive information like credentials and authorization headers stored in those backups.
Solution / Mitigation
Upgrade to version 2.56.1, which isolates stored version history per instance so tenants can only access their own backups. The upgrade runs a one-time migration to isolate existing history and clear previously un-scoped backups. If immediate upgrade is not possible, users can disable the workflow version tool by setting `DISABLED_TOOLS=n8n_workflow_versions` in the server environment (for example, in your Docker `.env` file), or run each tenant from a separate instance with its own database instead of multi-tenant mode, or restrict network access to the HTTP endpoint to trusted operators only.
Vulnerability Details
EPSS: 0.0%
Yes
July 14, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-j6r7-6fhx-77wx
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%