GHSA-F3RG-XQJJ-CJ9W

Vulnerability from github – Published: 2026-05-18 13:26 – Updated: 2026-05-18 13:26
VLAI
Summary
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
Details

Summary

In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md.

Impact

Operators with access to the project's telemetry backend could read partial fragments of workflow URL parameters that should not have been collected. The bug was scoped to URL-shaped fields in workflow definitions; credentials, OAuth tokens, and workflow execution data are not affected — credentials are removed by a separate code path, and long secrets and known-provider tokens are matched by dedicated patterns.

Patches

Fixed in n8n-mcp 2.51.3. Upgrading is the recommended remediation.

Workarounds

For users who cannot upgrade immediately, disable anonymous telemetry by setting any of these environment variables to true:

  • N8N_MCP_TELEMETRY_DISABLED
  • TELEMETRY_DISABLED
  • DISABLE_TELEMETRY

Credit

Reported by @u-ktdi.

Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n-mcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.51.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-201"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T13:26:51Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nIn affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project\u0027s anonymous telemetry backend. Values placed in HTTP-Request-style node parameters \u2014 such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters \u2014 could therefore appear in stored telemetry, contrary to the collection boundary documented in `PRIVACY.md`.\n\n## Impact\n\nOperators with access to the project\u0027s telemetry backend could read partial fragments of workflow URL parameters that should not have been collected. The bug was scoped to URL-shaped fields in workflow *definitions*; credentials, OAuth tokens, and workflow *execution* data are not affected \u2014 credentials are removed by a separate code path, and long secrets and known-provider tokens are matched by dedicated patterns.\n\n## Patches\n\nFixed in **n8n-mcp `2.51.3`**. Upgrading is the recommended remediation.\n\n## Workarounds\n\nFor users who cannot upgrade immediately, disable anonymous telemetry by setting any of these environment variables to `true`:\n\n- `N8N_MCP_TELEMETRY_DISABLED`\n- `TELEMETRY_DISABLED`\n- `DISABLE_TELEMETRY`\n\n## Credit\n\nReported by @u-ktdi.",
  "id": "GHSA-f3rg-xqjj-cj9w",
  "modified": "2026-05-18T13:26:51Z",
  "published": "2026-05-18T13:26:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-f3rg-xqjj-cj9w"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/pull/782"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/commit/6cf6fef653fcd6d598f2f356aac4754931c7329f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/czlonkowski/n8n-mcp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.