Data Exposure Vulnerability in n8n-MCP AI Assistant Server
CVE-2026-55608

4.2MEDIUM

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-55608?

The n8n-MCP server, which provides AI assistants with access to node documentation, has a vulnerability concerning its multi-tenant HTTP mode. Specifically, when ENABLE_MULTI_TENANT is set to true, it allows an authenticated tenant to improperly access workflow_version backups that should be restricted to their particular tenant scope. This can lead to exposure or deletion of sensitive workflow-version backups from previous single-tenant deployments. This issue has been addressed in version 2.57.4.

Affected Version(s)

n8n-mcp < 2.57.4

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.