GHSA-75HX-XJ24-MQRW: GHSA-75HX-XJ24-MQRW: Unauthenticated Access and Information Exposure in n8n-mcp HTTP Transport

GHSA-75HX-XJ24-MQRW: Unauthenticated Access and Information Exposure in n8n-mcp HTTP Transport

Vulnerability ID: GHSA-75HX-XJ24-MQRW
CVSS Score: 7.5
Published: 2026-04-10

The n8n-mcp package prior to version 2.47.6 suffers from missing authentication checks and information disclosure vulnerabilities. Unauthenticated attackers can exploit exposed health endpoints to extract active session identifiers, and subsequently terminate or interact with Model Context Protocol (MCP) sessions.

TL;DR

Unauthenticated access and information leaks in n8n-mcp allow attackers to extract session IDs and perform denial-of-service via unauthorized session termination. Patched in v2.47.6.

---

⚠️ Exploit Status: POC

Technical Details

• Primary CWE: CWE-306: Missing Authentication for Critical Function
• Secondary CWE: CWE-200: Exposure of Sensitive Information
• Attack Vector: Network
• CVSS Score: 7.5 (High)
• Exploit Status: Proof of Concept Available
• Impact: Targeted Denial of Service, Information Disclosure

Affected Systems

• n8n-mcp HTTP Transport Server
• n8n-mcp: < 2.47.6 (Fixed in: 2.47.6)

Code Analysis

Commit: ca9d4b3

Fix: resolve missing authentication and information disclosure in HTTP transport endpoints

-    app.get('/health', (req, res) => {
-      const activeTransports = Object.keys(this.transports);
-      res.json({ 
-        status: 'ok', 
-        sessions: {
-          active: sessionMetrics.activeSessions,
-          sessionIds: activeTransports
-        },
-        security: {
-          defaultToken: isDefaultToken,
-        },
-        memory: { used: Math.round(process.memoryUsage().heapUsed / 1024 / 1024) },
-        timestamp: new Date().toISOString()
-      });
-    });
+    app.get('/health', (req, res) => {
+      res.json({
+        status: 'ok',
+        version: PROJECT_VERSION,
+        uptime: Math.floor(process.uptime()),
+        timestamp: new Date().toISOString()
+      });
+    });

-    app.get('/mcp', async (req, res) => {
+    app.get('/mcp', authLimiter, async (req, res) => {
+      if (!this.authenticateRequest(req, res)) return;

Exploit Details

• Nuclei Template Concept: A Nuclei template methodology for checking the /health endpoint for the leaked 'sessionIds' key.

Mitigation Strategies

• Upgrade n8n-mcp to a patched release (v2.47.6 or later).
• Restrict network access to the MCP HTTP port (default 3000) to trusted internal IPs.
• Ensure AUTH_TOKEN is securely generated and rotated away from default values.

Remediation Steps:

1. Identify all deployments utilizing the n8n-mcp NPM package.
2. Update package dependencies to enforce version 2.47.6 using the package manager.
3. Rebuild and redeploy application containers or bare-metal instances.
4. Validate the configuration to ensure default tokens are disabled.
5. Verify the output of the /health endpoint to confirm sensitive fields are no longer present.

References

• GitHub Advisory: GHSA-75HX-XJ24-MQRW
• n8n-mcp Repository
• Fix Commit: ca9d4b3df6419b8338983be98f7940400f78bde3
• Aliyun Vulnerability Database Record: AVD-2026-1867416

---

Read the full report for GHSA-75HX-XJ24-MQRW on our website for more details including interactive diagrams and full exploit analysis.