CVE-2026-54309
Status: Received - Intake
Unauthenticated MCP Session Access in n8n Workflow Automation

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 4 associated CPEs

Vendor   Product       Version / Range
n8n      n8n           up to 2.26.2 (exclusive)
n8n      mcp_browser   up to 2.26.2 (exclusive)
n8n      n8n           up to 2.25.7 (inclusive)
n8n      n8n           up to 2.26.2 (inclusive)
CWE
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-54309 is a vulnerability in the n8n MCP Browser HTTP Transport mode that allows unauthenticated remote attackers to establish browser-control sessions and invoke tools without any authentication.

When the HTTP transport mode (--transport http) is enabled and the n8n AI Browser Bridge extension is installed with an active browser connection, an attacker can control browser functions such as navigation, JavaScript execution, and access to cookies and storage using the user's real browser profile.

This issue does not affect the default stdio transport mode and has been fixed in n8n versions 2.25.7 and 2.26.2.

Impact Analysis

This vulnerability can have a significant impact by allowing attackers to remotely control a user's browser without authentication.

  • Attackers can navigate the browser, execute arbitrary JavaScript, and access sensitive data such as cookies and local storage.
  • This can lead to theft of sensitive information, session hijacking, and unauthorized actions performed on behalf of the user.

The CVSS score of 8.8 (High) reflects the serious risk to confidentiality, integrity, and availability posed by this vulnerability.

Detection Guidance

This vulnerability affects n8n instances running the @n8n/mcp-browser component with the HTTP transport mode enabled (--transport http). Detection involves identifying if the MCP endpoint is accessible without authentication over HTTP.

You can check if the HTTP transport is enabled and the MCP endpoint is reachable by scanning for open HTTP ports on the n8n server and attempting to establish a session or invoke tools without authentication.

Suggested commands include using network scanning tools like nmap to detect open HTTP ports and curl or similar tools to test the MCP endpoint:

  • nmap -p 80,443 <n8n-server-ip> # Scan for open HTTP/HTTPS ports
  • curl http://<n8n-server-ip>:<port>/mcp/session/init # Attempt to initiate an MCP session without authentication
  • curl http://<n8n-server-ip>:<port>/mcp/tool/invoke # Attempt to invoke a tool without authentication

If these requests succeed without authentication, the system is vulnerable.
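The same check as the curl commands above, written as an added Python example that is not code from n8n or from this record: it sends the standard MCP JSON-RPC `initialize` request with no credentials and reports whether the server set up a session anyway. The endpoint URL (host, port and path, `/mcp` being a common default) is an assumption and must be whatever your own @n8n/mcp-browser process was started with; the response handling follows the MCP Streamable HTTP transport, which answers either as plain JSON or as an SSE stream.

```python
# Added example (not n8n's or this page's code): confirm that an MCP Streamable-HTTP
# endpoint rejects an anonymous session. Assumed: the URL is whatever your own
# @n8n/mcp-browser instance listens on, and the server speaks MCP JSON-RPC per the spec.
import json
import urllib.error
import urllib.request

# Standard MCP "initialize" request; deliberately sent without any credentials.
INITIALIZE = {"jsonrpc": "2.0", "id": 1, "method": "initialize",
              "params": {"protocolVersion": "2025-03-26", "capabilities": {},
                         "clientInfo": {"name": "auth-check", "version": "0"}}}

def classify(status, content_type, body):
    """Verdict for one reply: "rejected" (401/403: auth enforced, the post-fix state),
    "accepted" (session set up for an anonymous client: affected), or "unknown"."""
    if status in (401, 403):
        return "rejected"
    if status != 200:
        return "unknown"
    # Streamable HTTP answers as plain JSON or as an SSE stream of "data:" lines.
    if "text/event-stream" in content_type:
        payloads = [ln[5:].strip() for ln in body.splitlines() if ln.startswith("data:")]
    else:
        payloads = [body]
    for raw in payloads:
        try:
            msg = json.loads(raw)
        except ValueError:
            continue
        if isinstance(msg, dict) and msg.get("id") == 1 and \
                "protocolVersion" in (msg.get("result") or {}):
            return "accepted"  # initialize completed: no authentication was required
    return "unknown"

def probe(url, timeout=5):
    """POST the initialize request with no Authorization header and classify the reply."""
    req = urllib.request.Request(
        url, data=json.dumps(INITIALIZE).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("Content-Type", ""),
                            resp.read().decode(errors="replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry a usable status
        return classify(err.code, err.headers.get("Content-Type", ""),
                        err.read().decode(errors="replace"))
    except (urllib.error.URLError, OSError):  # unreachable, refused, or not HTTP at all
        return "unknown"
```

A "rejected" verdict is what you should see after upgrading to 2.25.7 or 2.26.2; "accepted" means the endpoint still completes session setup for an anonymous client.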

Mitigation Strategies

Immediate mitigation steps include upgrading n8n to versions 2.25.7 or 2.26.2 where the vulnerability is fixed.

If upgrading immediately is not possible, temporary mitigations include:

  • Switching from HTTP transport mode to the default stdio transport mode, which is not affected by this vulnerability.
  • Restricting network access to the HTTP port used by the MCP endpoint using firewall rules to prevent unauthorized network clients from reaching it.

Note that these temporary mitigations do not fully resolve the risk, so upgrading is strongly recommended.

Compliance Impact

This vulnerability allows unauthenticated remote attackers to access browser-control capabilities including navigation, JavaScript execution, and access to cookies and storage. Such unauthorized access to sensitive browser data could lead to exposure of personal or sensitive information.

Because of this exposure, organizations using affected versions of n8n with HTTP transport mode enabled may face challenges in maintaining compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over access to personal and sensitive data.

Mitigations include upgrading to patched versions or restricting network access, but until fully remediated, the vulnerability poses a risk to confidentiality and integrity of data, potentially impacting regulatory compliance.
