Description
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2.
Published: 2026-06-23
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, when its @n8n/mcp-browser component is configured to use HTTP transport, it accepts session initialization and tool invocation requests without authentication. Any network‑reachable client, or any website that a user visits, can therefore create an MCP session and invoke browser‑control tools. If the n8n AI Browser Bridge extension is installed and a browser connection is live, an unauthenticated caller can control the user's actual browser profile, navigating pages, evaluating JavaScript, and accessing cookies and web storage. This vulnerability represents a CWE‑306 weakness: it is a lack of authentication. These capabilities can lead to unauthorized editing or reading of user data, privilege escalation within the browser context, and potential compromise of confidential information stored in the user's profile. The issue was fixed in n8n releases 2.25.7 and 2.26.2.

Affected Systems

All n8n installations running a version earlier than 2.25.7 (or earlier than 2.26.2 in the 2.26 series) that use the @n8n/mcp-browser package with the --transport http flag are affected. The flaw does not apply to builds that use WebSocket transport or to newer n8n releases that include the fix.

Risk and Exploitability

The CVSS score of 8.8 classifies the weakness as high severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. Because the MCP endpoint accepts unauthenticated requests when the HTTP transport is enabled, a remote attacker with network access can easily exploit the flaw; any website visited by the user or any host that can reach the n8n service can create a session. This creates a significant risk of data theft from the user's browser profile and potential execution of malicious scripts. The vulnerability was mitigated in n8n releases 2.25.7 and 2.26.2.

Generated by OpenCVE AI on June 24, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to n8n version 2.25.7 or later that includes the MCP Browser security fix
  • If an immediate upgrade is not possible, disable HTTP transport for @n8n/mcp-browser (remove or comment out the --transport http setting) to prevent unauthenticated access
  • Apply network or firewall rules to restrict exposure of the MCP endpoint to trusted networks only
  • Enforce proper authentication on the MCP endpoint, ensuring that access is protected, in line with CWE-306 mitigation guidance

Generated by OpenCVE AI on June 24, 2026 at 11:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-qrx8-25qr-5r7v n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2.
Title n8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T15:45:15.836Z

Reserved: 2026-06-12T18:42:02.222Z

Link: CVE-2026-54309

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function