Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.10 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 6:58 p.m.6 views

CVE-2026-41495 n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

n8n-MCP 日志信息泄露漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.47.11 contained a vulnerability related to log information leakage. This vulnerability occurred when POST /mcp requests under HTTP transmission mode wrote metadata...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/23 2:31 p.m.11 views

n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/23 2:31 p.m.5 views

GHSA-PFM2-2MHG-8WPX n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34682

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.47.11 Description When running in HTTP transport mode, incoming requests to the 'POST /mcp' endpoint have their request metadata written to server logs regardless of whether authentication is successful. This can le...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References9
Rows per page
Query Builder