n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an authenticated tenant to access default-scope workflow_versions backups instead of being confined to the tenant scope, exposing or deleting workflow-version backups from prior single-tenant deployments or migrations. This issue is fixed in version 2.57.4.

Project Subscriptions

No data.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2cf7-hpwf-47h9 n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 15 Jul 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Czlonkowski
Czlonkowski n8n-mcp
Vendors & Products Czlonkowski
Czlonkowski n8n-mcp

Wed, 15 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Description n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an authenticated tenant to access default-scope workflow_versions backups instead of being confined to the tenant scope, exposing or deleting workflow-version backups from prior single-tenant deployments or migrations. This issue is fixed in version 2.57.4.
Title n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
Weaknesses CWE-200
CWE-863
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-15T20:35:29.539Z

Reserved: 2026-06-16T23:31:22.445Z

Link: CVE-2026-55608

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T23:30:04Z

Weaknesses