AI Threat Alert AI Threat Alert

CVE-2026-44694

GHSA-cmrh-wvq6-wm9r UNKNOWN
Published May 8, 2026

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL),...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
n8n-mcp npm >= 2.18.7, < 2.50.2 2.50.2
186.5K OpenSSF 6.0 16 dependents Pushed 6d ago 40% patched ~3d to patch Full package profile →

Do you use n8n-mcp? You're affected.

Severity & Risk

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Recommended Action

Patch available

Update n8n-mcp to version 2.50.2

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-44694?

n8n-mcp webhook and API client paths has an authenticated SSRF

Is CVE-2026-44694 actively exploited?

No confirmed active exploitation of CVE-2026-44694 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-44694?

Update to patched version: n8n-mcp 2.50.2.

What is the CVSS score for CVE-2026-44694?

No CVSS score has been assigned yet.

Technical Details

NVD Description

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. This issue has been patched in version 2.50.2.

Weaknesses (CWE)

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition Primary CWE-367 Primary CWE-918 Server-Side Request Forgery (SSRF) Primary CWE-918 Primary

References

Timeline

Published
May 8, 2026
Last Modified
May 8, 2026
First Seen
May 8, 2026

Related Vulnerabilities

CRITICAL CVE-2026-33663 10.0

n8n: member role steals plaintext HTTP credentials

Same package: n8n
CRITICAL CVE-2026-33660 10.0

TensorFlow: type confusion NPD in tensor conversion

Same package: n8n
CRITICAL CVE-2026-21858 10.0

n8n: Input Validation flaw enables exploitation

Same package: n8n
CRITICAL CVE-2026-27495 9.9

n8n: Code Injection enables RCE

Same package: n8n
CRITICAL CVE-2026-27577 9.9

n8n: Code Injection enables RCE

Same package: n8n
Back to Threat Feed