Data Exposure Vulnerability in n8n-MCP AI Assistant Server
CVE-2026-55608
4.2MEDIUM
What is CVE-2026-55608?
The n8n-MCP server, which provides AI assistants with access to node documentation, has a vulnerability concerning its multi-tenant HTTP mode. Specifically, when ENABLE_MULTI_TENANT is set to true, it allows an authenticated tenant to improperly access workflow_version backups that should be restricted to their particular tenant scope. This can lead to exposure or deletion of sensitive workflow-version backups from previous single-tenant deployments. This issue has been addressed in version 2.57.4.
Affected Version(s)
n8n-mcp < 2.57.4
