CVE Reports

Originally published at cvereports.com

GHSA-WG4G-395P-MQV3: Cleartext Logging of Sensitive Tool-Call Arguments in n8n-mcp

Vulnerability ID: GHSA-WG4G-395P-MQV3
CVSS Score: 5.3
Published: 2026-04-25

The n8n-mcp npm package prior to version 2.47.3 contains an information disclosure vulnerability when operating in HTTP mode. The server explicitly logs incoming JSON-RPC request bodies, which exposes sensitive tool-call arguments, including API keys and internal data, to application logs in cleartext.

TL;DR

n8n-mcp logs sensitive tool-call arguments in cleartext when running in HTTP mode. Update to version 2.47.3 to remove the vulnerable logging configuration.


Technical Details

  • Vulnerability Type: CWE-532: Insertion of Sensitive Information into Log File
  • Attack Vector: Local / Log Access
  • Impact: High Confidentiality Loss
  • Exploit Status: Passive Information Disclosure
  • CVSS Score: 5.3 (Moderate)
  • Affected Component: n8n-mcp < 2.47.3

Affected Systems

  • n8n-mcp npm package
  • Model Context Protocol (MCP) server implementations
  • Log aggregation and monitoring infrastructure
  • n8n-mcp: < 2.47.3 (Fixed in: 2.47.3)

Code Analysis

Commit: 643c98b

Remove params from logger call in handleRequest method to prevent sensitive data disclosure.

Mitigation Strategies

  • Software Update
  • Log Sanitization
  • Credential Rotation

Remediation Steps:

  1. Identify all projects and environments utilizing the n8n-mcp package.
  2. Update the n8n-mcp package dependency to version 2.47.3 or later via npm.
  3. Scan existing application logs, container standard output, and centralized logging platforms for the 'handleRequest: Processing MCP request' string.
  4. Rotate any API keys, credentials, or sensitive tokens that are discovered within the historical log output.
  5. Purge the affected historical logs from the centralized logging infrastructure.
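An added example for step 3 (not from the advisory or the n8n-mcp project): a POSIX shell scan that reports where the marker string occurs, in plain and gzip-rotated files, without echoing the matched lines, so the scan output does not copy the logged arguments into terminals or tickets. The function names, the sample log layout and the sample key value are assumptions constructed for the example; only the marker string comes from the steps above.

```shell
#!/bin/sh
# Added example: find log lines left by the pre-2.47.3 request logger
# without printing the (possibly secret-bearing) line contents.

MARKER='handleRequest: Processing MCP request'  # string from remediation step 3

# scan_file PATH -> one "PATH<TAB>LINE_NUMBER" record per matching line.
# Reads gzip-rotated files too. Only the location is emitted, never the text,
# so the scan output is safe to paste into a ticket.
scan_file() {
  case $1 in
    *.gz) gzip -dc -- "$1" ;;
    *)    cat -- "$1" ;;
  esac | F="$1" M="$MARKER" awk \
    'index($0, ENVIRON["M"]) { print ENVIRON["F"] "\t" NR }'
}

# scan_logs DIR -> records for every regular file under DIR.
# (File names containing newlines are not supported.)
scan_logs() {
  find "$1" -type f | sort | while IFS= read -r f; do scan_file "$f"; done
}

# affected_files DIR -> unique files to purge once keys are rotated.
affected_files() { scan_logs "$1" | cut -f1 | sort -u; }

# make_sample_logs DIR: CONSTRUCTED input. The line layout and the key value
# are made up for this example; only MARKER comes from the advisory.
make_sample_logs() {
  mkdir -p "$1"
  cat > "$1/app.log" <<'EOF'
2026-04-20T10:00:00Z INFO server started
2026-04-20T10:00:05Z DEBUG handleRequest: Processing MCP request {"method":"tools/call","params":{"apiKey":"EXAMPLE-NOT-A-REAL-KEY"}}
2026-04-20T10:00:06Z INFO request done
EOF
  printf '%s\n' 'x' "y $MARKER {\"params\":{}}" | gzip -c > "$1/app.log.1.gz"
  printf '%s\n' 'no match here' > "$1/other.log"
}

# Stand-alone use: sh scan.sh /path/to/logs
if [ "$#" -gt 0 ]; then scan_logs "$1"; fi
```

Each reported line number marks a request whose arguments should be reviewed for credentials to rotate (step 4), and `affected_files` lists the files to purge (step 5).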

Read the full report for GHSA-WG4G-395P-MQV3 on our website for more details including interactive diagrams and full exploit analysis.