CVE-2026-41495
Information Disclosure in n8n-MCP Server
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | mcp | to 2.47.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in n8n-MCP server versions prior to 2.47.11 when running in HTTP transport mode. Incoming POST requests to the /mcp endpoint have their request metadata logged regardless of whether authentication succeeds or fails.
As a result, sensitive information such as bearer tokens from the Authorization header, per-tenant API keys from the x-n8n-key header, and JSON-RPC request payloads can be recorded in server logs even if the requests are unauthenticated and rejected.
Although access control is not bypassed and unauthorized requests receive a 401 Unauthorized response, the sensitive data from those requests may still be exposed through log files.
This issue was fixed in version 2.47.11.
How can this vulnerability impact me? :
The vulnerability can lead to unintended disclosure of sensitive authentication credentials and request data through server logs.
If logs are collected, forwarded to external systems, or accessible outside the trusted boundary (such as shared log storage, SIEM pipelines, or by support/operations personnel), attackers or unauthorized users with access to these logs could obtain bearer tokens, API keys, or request payloads.
This exposure could potentially be used to compromise accounts or services that rely on these credentials, increasing the risk of unauthorized access or data leakage.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade n8n-mcp to version 2.47.11 or later, where the issue has been patched.
Additionally, avoid running n8n-mcp in HTTP transport mode if possible, or ensure that logs containing sensitive request metadata are not forwarded to external or untrusted systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to the disclosure of sensitive information such as bearer tokens, API keys, and JSON-RPC request payloads in server logs. In environments where logs are collected, forwarded, or accessible outside the trusted boundary, this could result in unauthorized exposure of sensitive data.
Such exposure of sensitive authentication tokens and keys may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data and mandate strict access controls and data handling procedures.
Although access control was not bypassed and unauthenticated requests were rejected, the persistence of sensitive data in logs could violate data protection requirements related to confidentiality and secure data storage.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your n8n-mcp server is running a version prior to 2.47.11 and if it is operating in HTTP transport mode (MCP_MODE=http). Specifically, you should verify if the server logs contain sensitive information such as bearer tokens from the Authorization header, per-tenant API keys from the x-n8n-key header, or JSON-RPC request payloads from POST /mcp endpoint requests, including those that were unauthorized (resulting in 401 Unauthorized responses).
To detect this on your system, you can search your server logs for these sensitive headers or payloads. For example, you might use commands like the following on the server where logs are stored:
- grep -i 'Authorization: Bearer' /path/to/n8n-mcp/logs/*
- grep -i 'x-n8n-key' /path/to/n8n-mcp/logs/*
- grep -i 'POST /mcp' /path/to/n8n-mcp/logs/*
Additionally, monitoring for HTTP POST requests to the /mcp endpoint that result in 401 Unauthorized responses but still have their request metadata logged can help identify if the vulnerable behavior is present.
If you find such sensitive data in your logs, it indicates that your system is affected by this vulnerability and you should upgrade to version 2.47.11 or later, restrict network access to the HTTP port, or switch to stdio transport mode to mitigate the issue.