GHSA-4GGG-H7PH-26QR: Authenticated Server-Side Request Forgery in n8n-mcp Multi-Tenant Mode
Vulnerability ID: GHSA-4GGG-H7PH-26QR
CVSS Score: 8.8
Published: 2026-04-08
A high-severity Server-Side Request Forgery (SSRF) vulnerability exists in the n8n-mcp npm package prior to version 2.47.4. The flaw allows authenticated attackers to manipulate HTTP headers in multi-tenant mode, forcing the server to make unauthorized outbound requests to internal network resources and cloud provider metadata endpoints.
TL;DR
Authenticated attackers can exploit an SSRF in n8n-mcp (< 2.47.4) via the x-n8n-url header to read internal network services and cloud metadata.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-918
- Attack Vector: Network
- Privileges Required: Low (Authenticated)
- CVSS Score: 8.8
- Impact: Information Disclosure, Credential Exfiltration
- Exploit Status: Proof of Concept
Affected Systems
- n8n-mcp npm package: < 2.47.4 (fixed in 2.47.4)
Code Analysis
Commit: d9d847f
Fix SSRF vulnerability in multi-tenant HTTP mode by introducing SSRFProtection utility
Mitigation Strategies
- Upgrade the n8n-mcp package to a patched version
- Disable multi-tenant HTTP mode if not required
- Implement strict network egress filtering
- Block access to cloud metadata IP addresses at the host level
Remediation Steps:
- Identify all deployments utilizing the n8n-mcp npm package.
- Update the package dependency to version 2.47.4 or later using the relevant package manager.
- Restart the n8n-mcp server process to apply the updated codebase.
- Verify the application logs to ensure the server starts without errors.
- Implement firewall rules to block egress traffic to 169.254.169.254.
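As an added illustration of what a guard for the x-n8n-url header has to check (this is not n8n-mcp's own SSRFProtection utility from commit d9d847f, and the function names are assumptions), the following validates a tenant-supplied base URL before any outbound request and rejects loopback, private and link-local targets, including the 169.254.169.254 metadata endpoint listed in the remediation steps:

```javascript
// Added example, not n8n-mcp's own SSRFProtection code (names hypothetical):
// guard a tenant-supplied base URL such as x-n8n-url before any outbound request.
// IPv4 ranges an SSRF guard must not reach: "this network", RFC 1918, CGNAT,
// loopback and link-local (which holds the 169.254.169.254 metadata endpoint).
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];
const v4ToInt = (ip) => ip.split(".").reduce((n, o) => (n << 8) + Number(o), 0) >>> 0;
const inCidrV4 = (ip, base, bits) => {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((v4ToInt(ip) & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
};
// The WHATWG URL parser already normalises numeric hosts (2130706433,
// 0x7f000001) to dotted form, so a plain IPv4 regex is enough after parsing.
function isBlockedHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase(); // strip IPv6 brackets
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(h)) return BLOCKED_V4.some(([b, n]) => inCidrV4(h, b, n));
  if (h.includes(":")) { // IPv6: unspecified, loopback, unique-local, link-local
    if (h === "::" || h === "::1" || /^f[cd]/.test(h) || /^fe[89ab]/.test(h)) return true;
    const m = h.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/); // IPv4-mapped form
    if (!m) return false;
    const [a, b] = [parseInt(m[1], 16), parseInt(m[2], 16)];
    return isBlockedHost(`${a >> 8}.${a & 255}.${b >> 8}.${b & 255}`);
  }
  // Names for the host itself or for provider metadata services. A full guard
  // also resolves other names and re-checks the resolved address, since DNS
  // can be pointed at an internal IP (rebinding).
  return h === "localhost" || h.endsWith(".localhost") || h.endsWith(".internal");
}

// Returns null when the URL may be used, otherwise the reason for rejecting it.
function validateOutboundUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return "unparseable URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "scheme not allowed";
  if (url.username || url.password) return "credentials in URL not allowed";
  if (isBlockedHost(url.hostname)) return "host is internal or a metadata endpoint";
  return null;
}
// Per-request gate for the header named in the advisory (Node lowercases header
// names): use the configured instance URL when absent, refuse anything unsafe.
function resolveTenantUrl(headers, fallback) {
  const raw = headers["x-n8n-url"];
  if (raw === undefined) return fallback;
  const reason = validateOutboundUrl(raw);
  if (reason) throw new Error(`rejected x-n8n-url: ${reason}`);
  return new URL(raw).origin;
}
```

The literal checks cover only what the URL string itself reveals; a deployment that accepts arbitrary hostnames should also re-check the address actually connected to, which is why the host-level firewall rule above remains worthwhile even after upgrading.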