Server-Side Request Forgery in n8n-MCP Server Exposing Sensitive Data
CVE-2026-39974

8.5 HIGH

Key Information:

Status:
Vendor:
CVE Published: 9 April 2026

What is CVE-2026-39974?

The n8n-MCP server, prior to version 2.47.4, is vulnerable to a Server-Side Request Forgery (SSRF) that allows authenticated users holding a valid AUTH_TOKEN to make the server send HTTP requests to arbitrary URLs supplied in its multi-tenant HTTP headers. The server reflects the responses back through JSON-RPC, so an attacker can read data from any URL the server can reach, including cloud metadata endpoints and internal network services. The risk is greatest in multi-tenant deployments, where several operators each hold a valid AUTH_TOKEN and one tenant can use the server to reach resources belonging to the hosting environment or to other tenants. The flaw has been addressed in the 2.47.4 release.

Affected Version(s)

n8n-mcp < 2.47.4

References

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
