GHSA-49m9-pgww-9vq6: n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
Summary
n8n has a vulnerability where an unauthenticated attacker can crash an n8n instance (a workflow automation tool) by sending large amounts of data to the MCP OAuth client registration endpoint (the system that lets external applications connect to n8n). The endpoint doesn't properly limit how much data it accepts or how many clients can register, allowing attackers to use up all the server's memory and make it unavailable.
Solution / Mitigation
Upgrade to n8n version 1.123.32, 2.17.4, 2.18.1, or later. If immediate upgrade is not possible, administrators can temporarily: (1) restrict network access to the n8n instance to prevent requests from untrusted sources, or (2) reduce the maximum accepted payload size by lowering the `N8N_PAYLOAD_SIZE_MAX` environment variable from its default value. The source notes these workarounds do not fully fix the risk and should only be used as short-term measures.
Vulnerability Details
EPSS: 0.0%
Yes
April 29, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-49m9-pgww-9vq6
First tracked: April 29, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%