n8n-mcp

npm5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting n8n-mcppage 1 of 1

CVE-2026-39974HIGHCVSS 8.5EG 8.5✓ Fixed in 2.47.4
2026-04-09
n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a…
CVE-2026-41495MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.47.11
2026-05-08
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their re…
CVE-2026-42282MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.47.13
2026-05-08
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arg…
CVE-2026-42449HIGHCVSS 8.5EG 8.5✓ Fixed in 2.47.14
2026-05-07
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and val…
CVE-2026-44694CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.50.2
2026-05-08
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting …

Check whether n8n-mcp is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for n8n-mcp CVEs against the assets you own.

Start Free Scan →