
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN459
_____________________________________________________________________

DATE                : 06/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running n8n (npm) versions prior to
                            1.123.33, 2.18.1, 2.17.5.

=====================================================================
https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5
https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v
https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r
https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq
https://github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4
https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw
https://github.com/n8n-io/n8n/security/advisories/GHSA-r4v6-9fqc-w5jr
https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp
https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22
https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7
https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755
https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6
_____________________________________________________________________

Prototype Pollution in XML Webhook Body Parser Leads to RCE
Critical
Jubke published GHSA-q5f4-99jv-pgg5 Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

A flaw in the xml2js library used to parse XML request bodies in n8n's
webhook handler allowed prototype pollution via a crafted XML payload.
An authenticated user with permission to create or modify workflows
could exploit this to pollute the JavaScript object prototype and, by
chaining the pollution with the Git node's SSH operations, achieve
remote code execution on the n8n host.


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate
the vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted
users only.

These workarounds do not fully remediate the risk and should only be
used as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity
Critical
10.0/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required None
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability High
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability High
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVE ID
CVE-2026-42231

Weaknesses
No CWEs

Credits

    @a-tallat a-tallat Reporter
_____________________________________________________________________

RCE via SQL Mode of Merge Node
Critical
Jubke published GHSA-58qr-rcgv-642v Mar 25, 2026

Package
n8n (npm)

Affected versions
< 2.14.1
< 2.13.3
< 1.123.27

Patched versions
>= 2.14.1
>= 2.13.3
>= 1.123.27


Description

Impact

An authenticated user with permission to create or modify workflows
could use the Merge node's "Combine by SQL" mode to read local files
on the n8n host and achieve remote code execution. The AlaSQL sandbox
did not sufficiently restrict certain SQL statements, allowing an
attacker to access sensitive files on the server or even compromise
the instance.


Patches

The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27.
Users should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted users
only.
    Disable the Merge node by adding n8n-nodes-base.merge to the
NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity
Critical
9.4/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability High
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability High
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVE ID
CVE-2026-33660

Weaknesses
Weakness CWE-94

Credits

    @duddnr0615k duddnr0615k Reporter
    @simonkoeck simonkoeck Reporter
    @c0rydoras c0rydoras Reporter
    @nil340 nil340 Reporter


_____________________________________________________________________


XML Node Prototype Pollution to RCE
Critical
Jubke published GHSA-hqr4-h3xv-9m3r Apr 22, 2026

Package
n8n (npm)

Affected versions
< 2.18.1
< 2.17.4
< 1.123.32

Patched versions
>= 2.18.1
>= 2.17.4
>= 1.123.32


Description

Impact

An authenticated user with permission to create or modify workflows
could achieve global prototype pollution via the XML Node leading to
RCE when combined with other nodes exploiting the prototype pollution.
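
The two prototype-pollution advisories above (the webhook XML body parser
and the XML node) describe the same primitive: an XML-to-object conversion
that lets an element literally named __proto__ reach Object.prototype, after
which any later code that reads an unset property on any object sees the
attacker's value. The following is an added example, not n8n or xml2js code.
It uses a deliberately tiny XML converter (nested elements and text only) to
show the vulnerable merge pattern beside a hardened one; the payload and the
element names are constructed for the example.

```javascript
// Added example (not n8n or xml2js code): a minimal XML-to-object converter
// that copies element names straight into object keys, and a hardened variant.
// The XML grammar is intentionally tiny; the payload shape and the guard are
// the point, not XML completeness.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Tokenise "<a><b>text</b></a>" into a tree of {name, children, text}.
function parseXml(xml) {
  const re = /<\/?([A-Za-z_][\w.-]*)\s*>|([^<]+)/g;
  const root = { name: '#root', children: [], text: '' };
  const stack = [root];
  let m;
  while ((m = re.exec(xml)) !== null) {
    const [tok, name, text] = m;
    if (text !== undefined) {
      if (text.trim()) stack[stack.length - 1].text += text.trim();
    } else if (tok.startsWith('</')) {
      if (stack.length < 2 || stack[stack.length - 1].name !== name) {
        throw new Error(`unbalanced close tag </${name}>`);
      }
      stack.pop();
    } else {
      const node = { name, children: [], text: '' };
      stack[stack.length - 1].children.push(node);
      stack.push(node);
    }
  }
  if (stack.length !== 1) throw new Error('unterminated element');
  return root;
}

// Vulnerable: child elements are merged into target[name]. For a plain {}
// target, target['__proto__'] IS Object.prototype, so the recursion writes
// the grandchildren onto the global prototype.
function fillVulnerable(target, node) {
  for (const child of node.children) {
    if (child.children.length === 0) {
      target[child.name] = child.text;
    } else {
      if (typeof target[child.name] !== 'object' || target[child.name] === null) {
        target[child.name] = {};
      }
      fillVulnerable(target[child.name], child);
    }
  }
  return target;
}

// Hardened: reserved names are rejected outright, containers are created with
// Object.create(null) so no prototype chain is reachable by key lookup, and
// only own properties are reused as merge targets.
function fillHardened(target, node) {
  for (const child of node.children) {
    if (FORBIDDEN_KEYS.has(child.name)) {
      throw new Error(`rejected element name ${child.name}`);
    }
    if (child.children.length === 0) {
      target[child.name] = child.text;
    } else {
      if (!Object.hasOwn(target, child.name)) target[child.name] = Object.create(null);
      fillHardened(target[child.name], child);
    }
  }
  return target;
}

// Constructed payload: an element named __proto__ carrying a child element.
const PAYLOAD = '<body><__proto__><polluted>yes</polluted></__proto__></body>';

function demonstrate() {
  const before = ({}).polluted;            // undefined on a clean process
  fillVulnerable({}, parseXml(PAYLOAD));
  const after = ({}).polluted;             // 'yes' on an unrelated, fresh object
  delete Object.prototype.polluted;        // undo the global damage for this process
  let hardenedRejected = false;
  try { fillHardened(Object.create(null), parseXml(PAYLOAD)); } catch { hardenedRejected = true; }
  const benign = fillHardened(Object.create(null), parseXml('<body><name>x</name></body>')).body.name;
  return { before, after, hardenedRejected, stillClean: ({}).polluted === undefined, benign };
}
```

The vulnerable path plants a property on every object in the process, which
is exactly what a later node with privileged side effects (the first advisory
names the Git node's SSH operations) can be made to consume. Rejecting the
three reserved names is necessary but not sufficient on its own; building
containers with Object.create(null) removes the chain the lookup would
otherwise walk.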


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate
the vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted
users only.
    Disable the XML node by adding n8n-nodes-base.xml to the NODES_EXCLUDE
environment variable.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H


Severity
Critical
9.4/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability High
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability Low
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L

CVE ID
CVE-2026-42232

Weaknesses
No CWEs

Credits

    @simonkoeck simonkoeck Reporter

_____________________________________________________________________


XSS via MCP OAuth client
High
Jubke published GHSA-537j-gqpc-p7fq Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

An unauthenticated attacker could register a malicious MCP OAuth client
with a crafted client_name. If a victim user authorized the OAuth consent
dialog and a second user subsequently revoked that access, a toast
notification would render the injected script. Clicking the link would
execute arbitrary JavaScript in the victim's authenticated n8n browser session,
enabling credential and session token theft, workflow manipulation, or
privilege escalation.


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1 (the
patched versions listed above; the upstream advisory text also cites
2.14.2). Users should upgrade to one of these versions or later to
remediate the vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Restrict access to the n8n instance and the MCP OAuth registration
endpoint to trusted users only.
    Disable MCP server functionality if it is not actively required.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

Severity
High
8.8/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required None
User interaction Active
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability Low
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

CVE ID
CVE-2026-42235

Weaknesses
Weakness CWE-87

Credits

    @OscarBataille OscarBataille Reporter

_____________________________________________________________________


Python Task Runner Sandbox Escape
High
Jubke published GHSA-44v6-jhgm-p3m4 Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

An authenticated user with permission to create or modify workflows
containing a Python Code Node could escape the sandbox and achieve
arbitrary code execution on the task runner container.

    This issue only affects instances where the Python Task Runner
is enabled.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate
the vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted
users only.

    Disable the Python Code node by adding n8n-nodes-base.code to the
NODES_EXCLUDE environment variable, or disable the Python Task Runner
entirely.

These workarounds do not fully remediate the risk and should only be
used as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N


Severity
High
7.1/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity Low
Availability None
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CVE ID
CVE-2026-42234

Weaknesses
Weakness CWE-94

Credits

    @dorjoos dorjoos Reporter



_____________________________________________________________________

Hijacking of Unauthenticated Chat Execution
Moderate
Jubke published GHSA-f77h-j2v7-g6mw Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4

Description

Impact

The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat
feature did not verify that an incoming connection was authorized to
interact with the target execution. An unauthenticated remote attacker
who could identify a valid execution ID for a workflow in a waiting state
could attach to that execution, receive the pending prompt intended for
the legitimate user, and submit arbitrary input to resume or influence
downstream workflow behavior.

Exploitation requires the following conditions:

    The instance exposes a public Hosted Chat workflow with authentication
set to None.
    A target execution is in a waiting state at the time of the attack.
    The attacker can obtain or discover the execution ID of that waiting
execution.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users
should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider the
following temporary mitigations:

    Enable authentication on all Chat Trigger nodes by setting the
Authentication field to n8n User Auth rather than None.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Severity
Moderate
6.3/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required None
User interaction None
Vulnerable System Impact Metrics
Confidentiality Low
Integrity Low
Availability None
Subsequent System Impact Metrics
Confidentiality Low
Integrity Low
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CVE ID
CVE-2026-42228

Weaknesses
No CWEs

Credits

    @34selen 34selen Reporter
    @Aikido-Security Aikido-Security Reporter
    @reindaelman reindaelman Reporter
    @grumpinout1 grumpinout1 Reporter


_____________________________________________________________________


Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
High
Jubke published GHSA-r4v6-9fqc-w5jr Apr 22, 2026

Package
n8n (npm)

Affected versions
< 2.18.0
< 2.17.5
< 1.123.33

Patched versions
>= 2.18.0
>= 2.17.5
>= 1.123.33


Description

Impact

The dynamic-node-parameters endpoints did not verify whether the
authenticated caller was authorized to use a supplied credential
reference. An authenticated user with access to a shared workflow could
supply a foreign credential ID in the request body, causing the backend
to decrypt and use that credential in a helper execution path where the
caller also controls the destination URL. This allowed the caller to
force the backend to authenticate against attacker-controlled
infrastructure using a credential belonging to another user,
effectively exfiltrating a reusable API key.

The issue is not limited to any single node type; any node that resolves
credentials dynamically through these endpoints may be affected.


Patches

The issue has been fixed in n8n versions 1.123.33, 2.17.5, and 2.18.0.
Users should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Restrict n8n access to fully trusted users only.
    Avoid sharing workflows with users who should not have access to the
credentials those workflows reference.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Severity
High
7.1/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity None
Availability Low
Subsequent System Impact Metrics
Confidentiality Low
Integrity Low
Availability Low
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L

CVE ID
CVE-2026-42226

Weaknesses
No CWEs

Credits

    @ESPanda666 ESPanda666 Reporter

_____________________________________________________________________


SQL Injection in SeaTable Node
Moderate
Jubke published GHSA-mp4j-h6gh-f6mp Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

A flaw in the SeaTable node's row:search and row:get operations allowed
user-controlled input to be concatenated directly into SQL query strings
without escaping or parameterization. In workflows where external user
input is passed via expressions into the SeaTable node's search or row
retrieval parameters, an attacker could manipulate the constructed query
to retrieve unintended rows from the connected SeaTable base, bypassing
row-level filtering logic implemented in the workflow.

Exploitation requires a specific workflow configuration:

    The SeaTable node must be used with user-controlled input passed via
expressions (e.g., from a form or webhook) into the searchTerm or rowId
parameters.


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted users
only.
    Disable the SeaTable node by adding n8n-nodes-base.seaTable to the
NODES_EXCLUDE environment variable.
    Avoid passing unvalidated external user input into SeaTable node search
or row retrieval parameters via expressions.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity
Moderate
5.3/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality None
Integrity None
Availability None
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

CVE ID
CVE-2026-42229

Weaknesses
Weakness CWE-89

Credits

    @sm1ee sm1ee Reporter
_____________________________________________________________________


Public API Variables IDOR Allows Cross-Project Secret Disclosure
Moderate
Jubke published GHSA-756q-gq9h-fp22 Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

An authenticated user with a valid API key scoped to variable:list could
read variables from projects they are not a member of by supplying an
arbitrary projectId query parameter to the public API variables endpoint.
The handler queried the variables repository directly without enforcing
project membership checks, bypassing the authorization-aware service layer
used by the internal enterprise controller.

If variables were misused to store sensitive information such as
credentials or tokens, they should be rotated immediately.

This issue only affects licensed enterprise or team deployments with
multiple projects and the variables feature enabled.
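
The credential-replay advisory (GHSA-r4v6-9fqc-w5jr) and the variables IDOR
above share one root cause: a handler takes an object identifier from the
request (a credential ID, a projectId) and fetches the object straight from
the repository without asking whether the authenticated caller may use it.
The following is an added example, not n8n code. It models both handlers in
memory, the vulnerable form next to the form that checks the caller against
the object before the object is ever decrypted or returned. Users, projects,
credential IDs and hosts are constructed for the example.

```javascript
// Added example, not n8n code: object-level authorization for two request
// handlers, with in-memory stand-ins for the repositories.

const projectMembers = new Map([
  ['proj-a', new Set(['alice'])],
  ['proj-b', new Set(['bob'])],
]);
const variablesByProject = new Map([
  ['proj-a', [{ key: 'A_TOKEN', value: 'alice-secret' }]],
  ['proj-b', [{ key: 'B_TOKEN', value: 'bob-secret' }]],
]);
const credentials = new Map([
  ['cred-1', { owner: 'alice', sharedWith: new Set(), apiKey: 'k-alice' }],
  ['cred-2', { owner: 'bob',   sharedWith: new Set(['carol']), apiKey: 'k-bob' }],
]);

class Forbidden extends Error {}

// Vulnerable: the repository is queried by the caller-supplied projectId;
// the authenticated caller is never consulted.
function listVariablesVulnerable(caller, projectId) {
  return variablesByProject.get(projectId) ?? [];
}

// Hardened: membership is decided against the authenticated principal.
function listVariablesHardened(caller, projectId) {
  const members = projectMembers.get(projectId);
  if (!members || !members.has(caller)) throw new Forbidden(`${caller} is not a member of ${projectId}`);
  return variablesByProject.get(projectId) ?? [];
}

function canUseCredential(caller, cred) {
  return cred.owner === caller || cred.sharedWith.has(caller);
}

// Vulnerable helper path: resolves whatever credential ID the body names and
// attaches it to a request whose destination the same caller chose.
function fetchOptionsVulnerable(caller, { credentialId, url }) {
  const cred = credentials.get(credentialId);
  if (!cred) throw new Error('unknown credential');
  return { url, headers: { Authorization: `Bearer ${cred.apiKey}` } };
}

// Hardened: the caller must be allowed to use the credential before it is resolved.
function fetchOptionsHardened(caller, { credentialId, url }) {
  const cred = credentials.get(credentialId);
  if (!cred || !canUseCredential(caller, cred)) throw new Forbidden(`${caller} may not use ${credentialId}`);
  return { url, headers: { Authorization: `Bearer ${cred.apiKey}` } };
}

// Scenario: bob, a member of proj-b only, asks for proj-a's variables and for
// alice's credential to be sent to a host he controls.
function runScenario() {
  const attacker = 'bob';
  const req = { credentialId: 'cred-1', url: 'https://attacker.example/collect' };
  const results = { hardenedBlocked: 0 };
  results.vulnerableLeaked = {
    variables: listVariablesVulnerable(attacker, 'proj-a').map(v => v.value),
    apiKey: fetchOptionsVulnerable(attacker, req).headers.Authorization,
  };
  for (const fn of [() => listVariablesHardened(attacker, 'proj-a'), () => fetchOptionsHardened(attacker, req)]) {
    try { fn(); } catch (e) { if (e instanceof Forbidden) results.hardenedBlocked += 1; }
  }
  // Legitimate sharing still works: carol was explicitly granted cred-2.
  results.legitimate = fetchOptionsHardened('carol', { credentialId: 'cred-2', url: 'https://api.example' }).headers.Authorization;
  return results;
}
```

The check belongs where the object is resolved, not in the controller that
happens to call it; the variables advisory makes the point by contrast, since
an authorization-aware service layer existed and the public API handler
simply went around it. Anything a vulnerable instance may have handed out,
variables holding tokens or credentials replayed to foreign hosts, is already
in the attacker's possession and has to be rotated, as the advisory states.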


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Restrict n8n access and API key issuance to fully trusted users only.
    Audit existing project variables for sensitive values and rotate any
secrets that may have been exposed.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N


Severity
Moderate
6.0/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity None
Availability None
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N


CVE ID
CVE-2026-42227

Weaknesses
Weakness CWE-639

Credits

    @nkoorty nkoorty Reporter
    @jjjutla jjjutla Reporter

_____________________________________________________________________


SQL Injection in Snowflake and MySQL Nodes
Moderate
Jubke published GHSA-hp3c-vfpm-q4f7 Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the
legacy MySQL v1 node. Both nodes construct SQL queries by directly
interpolating user-controlled table names, column names, and update keys
into query strings without identifier escaping, enabling SQL injection
against the connected database.

Exploitation requires a specific workflow configuration:

    The Snowflake or MySQL v1 node must be used with user-controlled input
passed via expressions (e.g., from a form or webhook) into identifier
fields such as table name, column name, or update key.

Successful exploitation could allow data exfiltration, modification, or
deletion on the downstream database.


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted
users only.
    Migrate workflows from the legacy MySQL v1 node to the MySQL v2 node,
which already implements identifier escaping.
    Disable the Snowflake node by adding n8n-nodes-base.snowflake to the
NODES_EXCLUDE environment variable.
    Avoid passing unvalidated external user input into table name, column
name, or update key fields via expressions in the affected nodes.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Severity
Moderate
5.3/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality None
Integrity None
Availability None
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

CVE ID
CVE-2026-42237

Weaknesses
No CWEs


_____________________________________________________________________

SQL Injection in Oracle Database Node via Limit Field
Moderate
Jubke published GHSA-r6jc-mpqw-m755 Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

A flaw in the Oracle Database node's select operation allowed
user-controlled input passed into the Limit field via expressions to
be interpolated directly into the SQL query without sanitization or
parameterization. In workflows where external input is passed into the
Limit field (e.g., from a webhook), an attacker could inject arbitrary
SQL and exfiltrate data from the connected Oracle database.

Exploitation requires a specific workflow configuration:

    The Oracle Database node must be used with user-controlled input
passed via expressions into the Limit field.
    Authentication requirements depend on the workflow's configuration
(e.g., an unauthenticated webhook endpoint would allow unauthenticated
exploitation).
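
The Snowflake/MySQL v1 advisory and this Oracle advisory have different
sinks, identifiers (table, column, update key) in one case and a LIMIT value
in the other, and neither can be fixed with a bind parameter alone, because
SQL engines do not accept bound identifiers and not every driver binds row
caps. The following is an added example, not n8n node code. It shows the
interpolation pattern the advisories describe, an identifier quoter for
backtick (MySQL) and double-quote (standard, Oracle, Snowflake) dialects, and
an integer gate for the limit. The attacker strings and table names are
constructed.

```javascript
// Added example, not n8n code: identifier quoting and limit validation for
// the two injection sinks named in the advisories.

function selectVulnerable(table, column, limit) {
  // Everything is template-interpolated; an expression such as
  // {{ $json.table }} feeds attacker text straight into the statement.
  return `SELECT ${column} FROM ${table} LIMIT ${limit}`;
}

// Quote an identifier for the given dialect: wrap it in the dialect's quote
// character and double any embedded quote so it cannot close the token.
// Control characters are refused because some drivers truncate on them.
function quoteIdentifier(name, dialect = 'standard') {
  if (typeof name !== 'string' || name.length === 0 || name.length > 128) {
    throw new Error('identifier must be a non-empty string of at most 128 chars');
  }
  if (/[\u0000-\u001f]/.test(name)) throw new Error('identifier contains control characters');
  const q = dialect === 'mysql' ? '`' : '"';
  // No splitting on '.': a caller wanting schema.table must quote each part
  // separately, otherwise "a"."b" could be smuggled through one field.
  return q + name.split(q).join(q + q) + q;
}

// A limit must be a non-negative integer; "10 UNION SELECT ...", "1e3" and
// "0x10" are all refused before they reach the SQL text.
function parseLimit(value, max = 10000) {
  const s = String(value).trim();
  if (!/^\d{1,9}$/.test(s)) throw new Error(`invalid limit: ${JSON.stringify(value)}`);
  const n = Number(s);
  if (n > max) throw new Error(`limit ${n} exceeds maximum ${max}`);
  return n;
}

function selectHardened(table, column, limit, dialect = 'standard') {
  const t = quoteIdentifier(table, dialect);
  const c = quoteIdentifier(column, dialect);
  const n = parseLimit(limit);
  // The row cap is still interpolated, but only after it has been reduced to
  // a validated integer; where the driver supports it, bind it instead.
  return dialect === 'oracle'
    ? `SELECT ${c} FROM ${t} FETCH FIRST ${n} ROWS ONLY`
    : `SELECT ${c} FROM ${t} LIMIT ${n}`;
}

// Constructed attacker inputs of the kind a webhook could supply via expressions.
const EVIL_TABLE = 'users` UNION SELECT password FROM admins -- ';
const EVIL_LIMIT = '1 UNION SELECT username FROM users';

function demonstrate() {
  const out = {};
  out.vulnerable = selectVulnerable(EVIL_TABLE, 'name', EVIL_LIMIT);
  out.safeMysql = selectHardened(EVIL_TABLE, 'name', '50', 'mysql');
  out.safeOracle = selectHardened('EMPLOYEES', 'LAST_NAME', 10, 'oracle');
  try { selectHardened('users', 'name', EVIL_LIMIT); out.limitRejected = false; }
  catch { out.limitRejected = true; }
  return out;
}
```

Quoting turns the injected table name into a (non-existent) identifier that
the database will reject with a lookup error instead of executing; that is the
correct outcome, since a workflow that lets a webhook choose the table is
already suspect. The allow-list alternative, mapping user input to a fixed
set of known table names, is stronger still where the workflow permits it.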


Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate the
vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Limit workflow creation and editing permissions to fully trusted
users only.
    Disable the Oracle Database node by adding n8n-nodes-base.oracleDatabase
to the NODES_EXCLUDE environment variable.
    Avoid passing unvalidated external user input into the Oracle Database
node's Limit field via expressions.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.
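
The workaround repeated across these advisories is to list node types in
NODES_EXCLUDE. Before doing so, an administrator wants to know which saved
workflows would stop working. The following is an added example, not n8n
code: a script that reads n8n workflow JSON exports (the format carries a
top-level "nodes" array whose entries have a "type" string and a
"parameters" object), reports which nodes match the types named in the
advisories above, and emits the NODES_EXCLUDE value, which n8n reads as a
JSON array string. The workflow documents are constructed samples, and the
parameter values used to refine Code and Merge hits ("python",
"combineBySql") are assumptions about the export format.

```javascript
// Added example, not n8n code: audit workflow exports for the node types the
// advisories name, then build the matching NODES_EXCLUDE value.

// Node types named in the advisories above, with the advisory each comes from.
const ADVISORY_NODE_TYPES = {
  'n8n-nodes-base.merge':          'GHSA-58qr-rcgv-642v (Combine by SQL mode)',
  'n8n-nodes-base.xml':            'GHSA-hqr4-h3xv-9m3r',
  'n8n-nodes-base.code':           'GHSA-44v6-jhgm-p3m4 (Python; excluding the type also removes JavaScript Code nodes)',
  'n8n-nodes-base.seaTable':       'GHSA-mp4j-h6gh-f6mp',
  'n8n-nodes-base.snowflake':      'GHSA-hp3c-vfpm-q4f7',
  'n8n-nodes-base.oracleDatabase': 'GHSA-r6jc-mpqw-m755',
};

// NODES_EXCLUDE expects a JSON array of node type strings.
function nodesExcludeValue(types) {
  return JSON.stringify([...types]);
}

// Refine a hit: a Code node only matters here when it runs Python, and a
// Merge node only in SQL combine mode. The parameter values are assumed.
function isRelevantHit(node) {
  const p = node.parameters ?? {};
  if (node.type === 'n8n-nodes-base.code') return p.language === 'python';
  if (node.type === 'n8n-nodes-base.merge') return p.mode === 'combineBySql';
  return true;
}

function auditWorkflows(workflows) {
  const report = [];
  for (const wf of workflows) {
    const hits = (wf.nodes ?? [])
      .filter(n => Object.hasOwn(ADVISORY_NODE_TYPES, n.type))
      .map(n => ({ name: n.name, type: n.type, relevant: isRelevantHit(n), advisory: ADVISORY_NODE_TYPES[n.type] }));
    if (hits.length) report.push({ workflow: wf.name, hits });
  }
  return report;
}

// Constructed sample exports, trimmed to the fields the audit reads.
const SAMPLE_WORKFLOWS = [
  { name: 'Invoice ETL', nodes: [
    { name: 'Webhook',   type: 'n8n-nodes-base.webhook', parameters: {} },
    { name: 'Combine',   type: 'n8n-nodes-base.merge',   parameters: { mode: 'combineBySql' } },
    { name: 'Transform', type: 'n8n-nodes-base.code',    parameters: { language: 'javaScript' } },
  ]},
  { name: 'Report mailer', nodes: [
    { name: 'Fetch', type: 'n8n-nodes-base.oracleDatabase', parameters: { operation: 'select' } },
    { name: 'Score', type: 'n8n-nodes-base.code',           parameters: { language: 'python' } },
  ]},
  { name: 'Healthcheck', nodes: [
    { name: 'Cron', type: 'n8n-nodes-base.scheduleTrigger', parameters: {} },
  ]},
];

// Returns the per-workflow report and the environment line to deploy.
function run() {
  const report = auditWorkflows(SAMPLE_WORKFLOWS);
  const typesToExclude = new Set(report.flatMap(r => r.hits.filter(h => h.relevant).map(h => h.type)));
  return { report, env: `NODES_EXCLUDE=${nodesExcludeValue(typesToExclude)}` };
}
```

Two caveats the report makes visible: excluding n8n-nodes-base.code removes
the JavaScript Code node as well, since Python is a language setting of the
same node type, so disabling the Python Task Runner is the narrower
mitigation where that is possible; and NODES_EXCLUDE only prevents the node
from loading, it does not change the SQL built by a workflow that is still
allowed to run, so the "avoid passing unvalidated input" items remain in
force until the upgrade.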


Severity
Moderate
5.3/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality None
Integrity None
Availability None
Subsequent System Impact Metrics
Confidentiality High
Integrity High
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

CVE ID
CVE-2026-42233

Weaknesses
Weakness CWE-20

Credits

    @pawbednarz pawbednarz Reporter

_____________________________________________________________________


Unauthenticated Denial of Service via MCP Client Registration
High
Jubke published GHSA-49m9-pgww-9vq6 Apr 22, 2026

Package
n8n (npm)

Affected versions
< 1.123.32
< 2.18.1
< 2.17.4

Patched versions
>= 1.123.32
>= 2.18.1
>= 2.17.4


Description

Impact

The MCP OAuth client registration endpoint accepted unauthenticated
requests and stored client data without adequate resource controls. An
unauthenticated remote attacker could exhaust server memory resources
by sending large registration payloads, rendering the n8n instance
unavailable. The MCP enable/disable toggle gates MCP access but did
not restrict client registrations, meaning the endpoint is reachable
regardless of whether MCP access is enabled on the instance.

The patches address the unbounded registration by capping the number of
registered clients and by refusing client creation when MCP is disabled on
the instance. Means to restrict the request payload size already exist
(see Workarounds) and can be used to control the remaining risk.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
Users should upgrade to one of these versions or later to remediate
the vulnerability.


Workarounds

If upgrading is not immediately possible, administrators should consider
the following temporary mitigations:

    Restrict network access to the n8n instance to prevent requests from
untrusted sources.
    Reduce the maximum accepted payload size by lowering the
N8N_PAYLOAD_SIZE_MAX environment variable from its default value.

These workarounds do not fully remediate the risk and should only be used
as short-term mitigation measures.

n8n has adopted CVSS 4.0 as primary score for all security advisories.
CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
High
8.7/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required None
User interaction None
Vulnerable System Impact Metrics
Confidentiality None
Integrity None
Availability High
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVE ID
CVE-2026-42236

Weaknesses
No CWEs

Credits

    @ori-ron ori-ron Reporter



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




