{"uuid": "ae75fa1d-accb-4010-970e-dad7818e3a2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-8g7g-hmwm-6rv2", "type": "seen", "source": "https://gist.github.com/alon710/0c17dbed23743a79ef9af5d859725c2a", "content": "# GHSA-8g7g-hmwm-6rv2: Path Traversal, SSRF, and Information Exposure in n8n-mcp\n\n> **CVSS Score:** 8.5\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/GHSA-8G7G-HMWM-6RV2\n\n## Summary\nMultiple high-severity vulnerabilities were identified in the `n8n-mcp` package prior to version 2.50.1. These vulnerabilities include a Path Traversal flaw in the API client, a Server-Side Request Forgery (SSRF) bypass via redirect-following, and an Information Exposure vulnerability in the telemetry service. Collectively, these flaws permit credential theft, internal network access, and the leakage of sensitive workflow configurations.\n\n## TL;DR\nVersions of n8n-mcp before 2.50.1 suffer from path traversal in API path construction, SSRF via uncontrolled redirect following, and plain-text exposure of sensitive API keys in telemetry data. The vendor patched these issues in version 2.50.1.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **Vulnerability IDs**: GHSA-8g7g-hmwm-6rv2, AIKIDO-2026-10739\n- **Primary CWEs**: CWE-22, CWE-918, CWE-200, CWE-212\n- **Attack Vector**: Network\n- **Estimated CVSS**: 8.5 (High)\n- **Exploit Status**: Proof of Concept available\n- **Patched Version**: 2.50.1\n\n## Affected Systems\n\n- n8n-mcp API Client\n- n8n-mcp Webhook Triggers\n- n8n-mcp Telemetry Service\n- **n8n-mcp**: < 2.50.1 (Fixed in: `2.50.1`)\n\n## Mitigation\n\n- Upgrade the n8n-mcp package to version 2.50.1 or later.\n- Implement egress network filtering to block connections to cloud metadata endpoints (169.254.169.254).\n- Rotate any API keys or credentials that were stored in historical telemetry logs.\n- Audit custom webhook handlers to ensure HTTP redirect following is explicitly disabled.\n\n**Remediation Steps:**\n1. Identify all deployments of the n8n-mcp package within the environment.\n2. Execute package manager updates to pull version 2.50.1.\n3. Restart the affected Node.js services to apply the updated dependencies.\n4. Review historical telemetry logs and purge any entries containing unredacted workflow mutation payloads.\n5. Rotate credentials accessed by the application prior to the patch application.\n\n## References\n\n- [GitHub Security Advisory: GHSA-8g7g-hmwm-6rv2](https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-8g7g-hmwm-6rv2)\n- [Fix Commit](https://github.com/czlonkowski/n8n-mcp/commit/1cfe9c6bddb4b1634e6e23323c18ea35fd196999)\n- [Release v2.50.1](https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.50.1)\n- [Vulnerability Intelligence (Aikido)](https://intel.aikido.dev/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-8G7G-HMWM-6RV2) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T17:10:29.000000Z"}