GHSA-wg4g-395p-mqv3: n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode
Summary
n8n-mcp (a tool for connecting AI systems to external services) was logging sensitive information like passwords and API keys when running in HTTP mode (a way to communicate over the internet). When authenticated users made requests to call tools, their secret credentials were written to server logs before being hidden, which could expose them if logs were shared or accessed by unauthorized people. The issue only affected HTTP mode and required authentication, so it couldn't be exploited by random internet users.
Solution / Mitigation
Upgrade to n8n-mcp v2.47.13 or later using either `npx n8n-mcp@latest` (npm) or `docker pull ghcr.io/czlonkowski/n8n-mcp:latest` (Docker). The patch changes how tool arguments are logged by using a `summarizeToolCallArgs` function that records only the structure and size of data, never the actual secret values. As a temporary workaround if you cannot upgrade immediately: restrict HTTP port access through firewall or VPN, limit who can read server logs, or switch to stdio transport mode (`MCP_MODE=stdio`).
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-wg4g-395p-mqv3
First tracked: April 25, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%