Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54023

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An issue exists in the middlewareKey function where the system accepts the client-controlled x-limited-key-id header without validating ownership. This allows authenticated users to adopt limited ke...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.4 views

Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...

9.6CVSS5.8AI score0.00201EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.10 views

CVE-2026-42282

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 8:16 p.m.12 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 6:58 p.m.36 views

CVE-2026-41495 n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 6:58 p.m.9 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/08 6:58 p.m.25 views

CVE-2026-41495

n8n-MCP (n8n-mcp) before v2.47.11 logs sensitive data from POST /mcp when running in HTTP transport mode. The issue records request metadata (notably Authorization bearer tokens, per-tenant API keys from x-n8n-key, and JSON-RPC payloads) in server logs regardless of authentication outcome; access...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/23 2:31 p.m.6 views

GHSA-PFM2-2MHG-8WPX n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References4
Rows per page
Query Builder