Data Exposure Flaw in n8n-MCP by Czlonkowski
CVE-2026-54052
9.9CRITICAL
What is CVE-2026-54052?
The n8n-MCP server, which facilitates AI assistants in accessing node documentation and workflows, suffers from a vulnerability affecting its multi-tenancy feature. Before the release of version 2.56.1, the system's backup mechanism for local workflow versions lacked adequate isolation between tenants. This oversight allowed authenticated users from one tenant to access and potentially modify workflow version snapshots and backups belonging to other tenants. Consequently, sensitive information, such as full node definitions and credential references, could be exposed, leading to a significant risk of data breaches. The vulnerability was addressed in version 2.56.1, making it essential for users to update promptly.
Affected Version(s)
n8n-mcp < 2.56.1
