Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MCP OAuth client registration endpoint in n8n accepts unauthenticated requests and stores the submitted client data without enforcing resource limits. By repeatedly submitting large registration payloads, an attacker can consume server memory until the process crashes or becomes unresponsive, causing a denial of service. This flaw is a classic case of uncontrolled resource consumption (CWE‑770).

Affected Systems

The affected product is n8n, the open‑source workflow automation platform; specifically, any instance running a version older than 1.123.32, 2.17.4 or 2.18.1 is affected. All releases prior to those patch versions remain vulnerable. Users of newer major releases are not impacted by this advisory but should verify similar endpoints for proper limits.

Risk and Exploitability

The CVSS score of 8.7 indicates a high‑impact vulnerability that is exploitable remotely without authentication. No EPSS score is available, so the likelihood of active exploitation is unknown; the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely a simple HTTP POST to the registration endpoint from any IP address, meaning an external attacker can trigger the denial of service without authentication.

Generated by OpenCVE AI on May 4, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the n8n installation to at least version 1.123.32, 2.17.4, or 2.18.1, which contain the patch for this issue.
  • Until the upgrade can be applied, block external traffic to the MCP client registration endpoint using a firewall, reverse‑proxy rule, or network access control list.
  • Monitor server memory usage and set alerts for abnormal consumption, terminating unresponsive or overloaded instances if necessary.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:30:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 19:00:00 +0000

Type          Values Removed   Values Added
Description   (none)           n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title         (none)           n8n: Unauthenticated Denial of Service via MCP Client Registration
Weaknesses    (none)           CWE-770
References
Metrics       (none)           cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T19:59:24.621Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42236

Vulnrichment

Updated: 2026-05-04T19:59:13.387Z

NVD

Status : Received

Published: 2026-05-04T19:16:06.337

Modified: 2026-05-04T19:16:06.337

Link: CVE-2026-42236

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T20:30:08Z

Weaknesses