n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport
Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...