GHSA-2cf7-hpwf-47h9: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
Summary
In n8n-mcp (a tool that connects AI models to workflows) running in multi-tenant HTTP mode (where multiple separate users share one server), an authenticated user could bypass access controls and read or delete workflow backups stored in the default single-tenant scope instead of being restricted to their own workspace. This could expose sensitive workflow configuration information.
Solution / Mitigation
Upgrade to n8n-mcp version 2.57.4 or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant. Alternatively, restrict network access to the HTTP endpoint using a firewall or reverse proxy, run in stdio mode (which has no multi-tenant HTTP surface), or remove default-scope backups from prior single-tenant deployments if they are no longer needed.
Vulnerability Details
EPSS: 0.0%
Yes
July 14, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-2cf7-hpwf-47h9
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%