CVE-2026-42235 — HIGH (CVSS 8.2) AI Security Vulnerability

Q: What is CVE-2026-42235?

n8n Vulnerable to XSS via MCP OAuth client

Q: Is CVE-2026-42235 actively exploited?

No confirmed active exploitation of CVE-2026-42235 has been reported, but organizations should still patch proactively.

Q: How to fix CVE-2026-42235?

Update to patched version: n8n 1.123.32.

Q: What is the CVSS score for CVE-2026-42235?

CVE-2026-42235 has a CVSS v3.1 base score of 8.2 (HIGH).

## Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would...

Full CISO analysis pending enrichment.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
n8n	npm	< 1.123.32	`1.123.32`
185.6K OpenSSF 6.0 16 dependents Pushed 4d ago 38% patched ~1d to patch Full package profile →

Do you use n8n? You're affected.

Severity & Risk

CVSS 3.1

8.2 / 10

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

N/A

Attack Surface

AV Network

AC High

PR None

UI Required

S Changed

C High

I High

A Low

Recommended Action

Patch available

Update n8n to version 1.123.32

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-42235?

n8n Vulnerable to XSS via MCP OAuth client

Is CVE-2026-42235 actively exploited?

No confirmed active exploitation of CVE-2026-42235 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-42235?

Update to patched version: n8n 1.123.32.

What is the CVSS score for CVE-2026-42235?

CVE-2026-42235 has a CVSS v3.1 base score of 8.2 (HIGH).

Technical Details

NVD Description

## Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation. ## Patches This issue has been fixed in n8n version 2.14.2. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Restrict access to the n8n instance and the MCP OAuth registration endpoint to trusted users only. - Disable MCP server functionality if it is not actively required. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.