Description
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3.
Published: 2026-05-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The n8n‑MCP server, which supplies AI assistants with access to n8n node documentation, had a telemetry sanitizer that could leave fragments of URL‑shaped node parameters in data sent to an anonymous telemetry backend. Parameters such as customer or tenant identifiers, short secrets in query strings, and signed request values could be exposed in the stored telemetry, violating the privacy boundaries defined in PRIVACY.md. This represents a moderate confidentiality exposure (CWE‑201).

Affected Systems

The vulnerability affects releases of the czlonkowski:n8n‑mcp product that are older than v2.51.3. Systems running the n8n‑MCP server before that version are susceptible; the latest fixed release is v2.51.3. In practice, any deployment of n8n‑MCP that processes workflows containing URL‑shaped parameters is at risk.

Risk and Exploitability

With a CVSS score of 6.5 the risk is considered moderate. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed exploitation activity. Attackers could trigger the leakage by creating or executing a workflow that includes URL‑shaped parameters; no additional privileged conditions are noted. An adversary with access to a user’s workflow or the ability to execute code in the server could therefore cause sensitive data to be sent to the anonymous telemetry backend.

Generated by OpenCVE AI on May 29, 2026 at 15:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n‑MCP to v2.51.3 or newer
  • If an upgrade is not immediately possible, disable or restrict the anonymous telemetry feature to prevent data transmission
  • Audit existing workflows to eliminate or obfuscate URL‑shaped parameters that contain customer identifiers, secrets, or other sensitive data

Generated by OpenCVE AI on May 29, 2026 at 15:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f3rg-xqjj-cj9w n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
History

Fri, 29 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Czlonkowski
Czlonkowski n8n-mcp
Vendors & Products Czlonkowski
Czlonkowski n8n-mcp

Fri, 29 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3.
Title n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Czlonkowski N8n-mcp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T18:44:55.077Z

Reserved: 2026-05-12T19:00:14.601Z

Link: CVE-2026-45582

cve-icon Vulnrichment

Updated: 2026-05-29T18:44:42.478Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T14:16:30.563

Modified: 2026-05-29T15:06:44.207

Link: CVE-2026-45582

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:15:46Z

Weaknesses