Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks "Deny" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to register an OAuth client with any redirect_uri because the /mcp-oauth/register endpoint accepts registrations unauthenticated. When a user later denies the OAuth consent, the application redirects to the previously registered redirect_uri without validating it. This permits an open redirect to an attacker‑controlled site, enabling phishing or social engineering attacks against users who click "Deny" on the consent dialog. The weakness is a classic open‑redirect flaw (CWE‑601).

Affected Systems

The flaw exists in n8n-io:n8n before the following releases: 1.123.32, 2.17.4, and 2.18.1. Users running any earlier version of n8n are affected.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity. The EPSS score is not available, so the current exploitation probability is unknown. The vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit the flaw by creating an OAuth client with a malicious redirect_uri, sending a phishing link to a victim, and tricking the victim into clicking "Deny" on the consent form, after which the victim is silently redirected to the attacker‑controlled URL. The attack does not require any victim‑side software installation and can be performed purely through a web interaction.

Generated by OpenCVE AI on May 4, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1 or later to apply the vendor patch.
  • Verify that all OAuth client registrations enforce redirect_uri validation and do not allow arbitrary values.
  • Restrict the /mcp-oauth/register endpoint to authenticated users only, or remove it from public access.

Generated by OpenCVE AI on May 4, 2026 at 20:24 UTC.
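The two checks recommended above (validate redirect_uri at registration, and never redirect on "Deny" to an unvalidated value), as an added JavaScript example that is not n8n's code and does not reproduce its handlers: the names registerClient, handleDeny and isSafeRedirectUri, the authenticated flag and the host allowlist are all assumptions constructed for illustration.

```javascript
// Added example, not n8n code. Demonstrates the hardened shape of an OAuth
// client-registration + consent-deny flow: redirect URIs are validated when
// registered, registration requires an authenticated caller, and the deny
// handler only redirects to a URI that exactly matches the client's registered
// list (re-validated), otherwise it renders a local error instead of redirecting.

// Constructed allowlist of hosts a registered client may redirect to.
const ALLOWED_REDIRECT_HOSTS = new Set(['app.example.test', 'localhost']);

function isSafeRedirectUri(candidate) {
  let url;
  try { url = new URL(candidate); } catch { return false; } // must be absolute
  const loopback = url.hostname === 'localhost' || url.hostname === '127.0.0.1';
  // https only, except plain http on loopback for local development
  if (!(url.protocol === 'https:' || (loopback && url.protocol === 'http:'))) return false;
  if (url.username || url.password) return false; // reject user@host confusion
  if (url.hash) return false;                     // RFC 6749 forbids fragments here
  return ALLOWED_REDIRECT_HOSTS.has(url.hostname);
}

const clients = new Map(); // in-memory store for the example

// Registration: refuse unauthenticated callers and any non-allowlisted URI.
function registerClient(clientId, redirectUris, { authenticated }) {
  if (!authenticated) return { ok: false, error: 'unauthorized' };
  if (!Array.isArray(redirectUris) || redirectUris.length === 0 ||
      !redirectUris.every(isSafeRedirectUri)) {
    return { ok: false, error: 'invalid_redirect_uri' };
  }
  clients.set(clientId, { redirectUris: [...redirectUris] });
  return { ok: true };
}

// Deny handler: exact-match against the registered list, then re-validate.
// Never redirect to a value taken from the request alone.
function handleDeny(clientId, requestedRedirectUri, state) {
  const client = clients.get(clientId);
  const registered = Boolean(client) && client.redirectUris.includes(requestedRedirectUri);
  if (!registered || !isSafeRedirectUri(requestedRedirectUri)) {
    return { status: 400, body: 'invalid redirect_uri' }; // local error page, no redirect
  }
  const target = new URL(requestedRedirectUri);
  target.searchParams.set('error', 'access_denied'); // standard OAuth denial response
  if (state) target.searchParams.set('state', state);
  return { status: 302, location: target.toString() };
}
```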

Tracking


Advisories
Source: GitHub GHSA
ID: GHSA-f6x8-65q6-j9m9
Title: n8n has Open Redirect in MCP OAuth Consent Flow
History

Wed, 06 May 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*
cpe:2.3:a:n8n:n8n:2.18.0:*:*:*:enterprise:node.js:*:*
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Tue, 05 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Mon, 04 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks "Deny" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title n8n: Open Redirect in MCP OAuth Consent Flow
Weaknesses CWE-601
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T19:56:27.611Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42230

Vulnrichment

Updated: 2026-05-04T19:56:16.080Z

NVD

Status: Analyzed

Published: 2026-05-04T19:16:05.237

Modified: 2026-05-06T14:57:11.210

Link: CVE-2026-42230

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T21:30:05Z

Weaknesses