CVE-2026-45582
Analyzed Analyzed - Analysis Complete
Telemetry Data Leak in n8n-MCP Server

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters β€” such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters β€” could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-01
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-45582
EUVD
EUVD-2026-33319
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
n8n-mcp n8n-mcp to 2.51.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45582 is a security vulnerability in the n8n-mcp software where sensitive information embedded in URL-shaped node parameters was not properly redacted before being sent to the anonymous telemetry backend.

Specifically, values such as customer or tenant identifiers, short secrets in query strings, and signed request parameters could appear partially in stored telemetry data, violating the intended privacy boundaries.

The issue was due to the workflow telemetry sanitizer only redacting the hostname part of URLs, leaving path and query string fragments exposed.

This vulnerability was fixed in version 2.51.3 by fully redacting URL-like fields to a placeholder [REDACTED_URL], ensuring no sensitive fragments remain in telemetry data.

Impact Analysis

This vulnerability can lead to unauthorized exposure of sensitive information such as customer IDs, tenant identifiers, short secrets, and signed request parameters through telemetry data.

If an attacker gains access to the telemetry storage, they could retrieve these sensitive fragments, potentially compromising user privacy and security.

Although credentials and OAuth tokens are separately sanitized and not affected, the leakage of partial URL parameters still poses a moderate risk.

Users are advised to upgrade to version 2.51.3 where the issue is fixed, or temporarily disable telemetry collection to mitigate the risk.

Compliance Impact

The vulnerability results in the unintended retention and transmission of sensitive information in telemetry data, which can violate privacy and data protection principles outlined in regulations such as GDPR and HIPAA.

Exposing customer or tenant identifiers and secrets in telemetry could be considered a breach of data minimization and confidentiality requirements.

Therefore, organizations using affected versions of n8n-mcp may face compliance risks if this vulnerability is not addressed.

Upgrading to version 2.51.3, which fully redacts sensitive URL parameters in telemetry, helps restore compliance with these standards.

Detection Guidance

This vulnerability involves sensitive information leakage in workflow telemetry data, specifically URL-shaped node parameters that may contain customer IDs, tenant identifiers, signed-request parameters, or short tokens. Detection involves inspecting telemetry data storage, such as Supabase tables, for partial URL fragments or sensitive parameters that should have been redacted.

Since the vulnerability relates to telemetry data retention rather than network traffic, direct network commands may not detect it. Instead, you should audit stored telemetry data for unredacted URL fragments.

As a practical step, you can query your telemetry database (e.g., Supabase) for entries containing URL patterns or sensitive parameters. For example, using SQL commands to search for URL-like strings or known sensitive keys in telemetry tables.

  • Example SQL query to detect unredacted URLs in telemetry data: SELECT * FROM telemetry_table WHERE data LIKE '%http://%' OR data LIKE '%https://%';
  • Search for known sensitive parameters in telemetry data: SELECT * FROM telemetry_table WHERE data LIKE '%customer_id=%' OR data LIKE '%tenant_id=%' OR data LIKE '%signed_request=%';

Additionally, review your telemetry configuration and logs to verify if telemetry data is being sent without proper sanitization.

Mitigation Strategies

The primary mitigation is to upgrade n8n-mcp to version 2.51.3 or later, where the vulnerability is fixed by fully redacting URL-like fields in telemetry data.

If immediate upgrade is not possible, disable anonymous telemetry collection to prevent sensitive data from being sent and stored.

  • Set environment variables to disable telemetry: N8N_MCP_TELEMETRY_DISABLED=true, TELEMETRY_DISABLED=true, or DISABLE_TELEMETRY=true.

Consider auditing existing telemetry data storage (e.g., Supabase) for sensitive information and perform a one-time scrubbing if necessary.

Review and harden telemetry collection policies and consider opt-in telemetry defaults to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45582. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart