3 matches found
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.57.3...
n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
Summary In multi-tenant HTTP mode ENABLEMULTITENANT=true, an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope workflowversions backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a norma...
PT-2026-60107
Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.57.4 Description In multi-tenant HTTP mode, an authenticated tenant can access local default-scope workflow versions backups instead of being restricted to their own tenant scope. This issue allows an authenticated...