Lucene search
+L

4 matches found

veracode
veracode
added 2026/05/16 5:19 a.m.58 views

Server-Side Request Forgery (SSRF)

n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/05/12 8:20 a.m.14 views

CVE-2026-44694

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

9.1CVSS5.7AI score0.00235EPSS
Exploits0References1
nvd
nvd
added 2026/05/08 8:16 p.m.51 views

CVE-2026-44694

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

9.1CVSS0.00235EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.20 views

PT-2026-39189

Name of the Vulnerable Software and Affected Versions n8n-MCP versions 2.18.7 through 2.50.1 Description An authenticated server-side request forgery SSRF issue exists affecting the webhook trigger tools, the n8n API client N8N API URL, and per-request URLs provided via the x-n8n-url header in...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References11
Rows per page
Query Builder