Vulnerability  ·  2026-07-17

n8n-MCP — Cross-Tenant Access to Workflow Version Backups in Multi-Tenant HTTP Mode

VulnerabilityHigh impactGlobalCVE-2026-54052
n8n-mcp, an MCP server giving AI assistants access to n8n node documentation and operations, failed to isolate workflow-version backup storage per tenant in its multi-tenant HTTP deployment mode, exposing other tenants' stored credential references and authorization headers.
n8n-mcp lets AI agents operate n8n automation workflows; a cross-tenant break in a shared MCP deployment can leak API credentials and let one tenant destroy another's automation history, a serious confidentiality and integrity failure for multi-tenant agentic automation platforms.
In HTTP mode with multi-tenancy enabled, local workflow version-history backups were stored without per-tenant isolation, letting an authenticated tenant read, delete, or destroy other tenants' stored workflow snapshots — which include full node definitions such as credential references and authorization headers.
n8n-mcp prior to 2.56.1
Upgrade to n8n-mcp 2.56.1 or later.
GitLab Advisory DatabaseNVD CVE-2026-54052
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →