CVE-2026-42230 - Vulnerability Details

- n8n: Open Redirect in MCP OAuth Consent Flow

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks "Deny" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

Published: 2026-05-04

Score: 5.1 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker to register an OAuth client with any redirect_uri because the /mcp-oauth/register endpoint accepts registrations unauthenticated. When a user later denies the OAuth consent, the application redirects to the previously registered redirect_uri without validating it. This permits an open redirect to an attacker‑controlled site, enabling phishing or social engineering attacks against users who click "Deny" on the consent dialog. The weakness is a classic open‑redirect flaw (CWE‑601).

Affected Systems

The flaw exists in n8n-io:n8n before the following releases: 1.123.32, 2.17.4, and 2.18.1. Users running any earlier version of n8n are affected.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity. The EPSS score is not available, so the current exploitation probability is unknown. The vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit the flaw by creating an OAuth client with a malicious redirect_uri, sending a phishing link to a victim, and tricking the victim into clicking "Deny" on the consent form, after which the victim is silently redirected to the attacker‑controlled URL. The attack does not require any victim‑side software installation and can be performed purely through a web interaction.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n8n-io

n8n

affected

Version	Status	Constraints
`< 1.123.32`	affected	—
`>= 2.17.0, < 2.17.4`	affected	—
`>= 2.18.0, < 2.18.1`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1 or later to apply the vendor patch.
Verify that all OAuth client registrations enforce redirect_uri validation and do not allow arbitrary values.
Restrict the /mcp-oauth/register endpoint to authenticated users only, or remove it from public access.

Generated by OpenCVE AI on May 4, 2026 at 20:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9

History

Mon, 04 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 04 May 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks "Deny" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title		n8n: Open Redirect in MCP OAuth Consent Flow
Weaknesses		CWE-601
References		https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-04T18:28:43.069Z

Updated: 2026-05-04T19:56:27.611Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42230

Vulnrichment

Updated: 2026-05-04T19:56:16.080Z

NVD

Status : Received

Published: 2026-05-04T19:16:05.237

Modified: 2026-05-04T19:16:05.237

Link: CVE-2026-42230

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T20:30:08Z

Weaknesses

CWE-601

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object