Vulnerability  ·  2026-05-05

Multiple Critical Vulnerabilities in n8n Workflow Automation MCP OAuth Implementation

Vulnerability  ·  High impact  ·  Global  ·  CVE-2026-42235, CVE-2026-42236
Two critical vulnerabilities affect n8n's MCP (Model Context Protocol) OAuth client registration and resource management. CVE-2026-42235: An unauthenticated attacker can register a malicious MCP OAuth client with a crafted client_name. If a victim user authorizes the consent dialog and a second user subsequently revokes access, the malicious client_name is reflected in the revocation flow, enabling XSS or open redirect attacks. CVE-2026-42236: The MCP OAuth client registration endpoint accepts unauthenticated requests and stores client data without resource controls, allowing remote attackers to exhaust server memory or storage by registering an unlimited number of malicious clients.
CVE-2026-42235: An attacker registers a malicious OAuth client with an XSS payload or open redirect URL embedded in the client_name. When a user revokes the OAuth grant, n8n reflects the unsanitized client_name in the revocation UI, triggering the payload and potentially exfiltrating session tokens or redirecting the user to a phishing site. CVE-2026-42236: An attacker scripts mass registration of OAuth clients via the unauthenticated endpoint, flooding the server with bogus entries until memory or storage is exhausted, causing denial of service and preventing legitimate OAuth workflows from functioning.
Affected versions are n8n releases prior to 1.123.32, 2.17.4, and 2.18.1. n8n is a popular open-source workflow automation platform used to orchestrate AI agents, integrate APIs, and automate business processes. It is widely deployed in enterprise environments and by developers building agentic AI systems.
Upgrade to n8n version 1.123.32, 2.17.4, or 2.18.1 or later. Immediately audit all MCP OAuth client registrations for suspicious or malformed client_name values. Implement rate limiting and authentication requirements on the /mcp-oauth/register endpoint if upgrading is not immediately possible. Organizations using n8n for agentic AI workflows should review which OAuth clients have been registered and revoke any that appear unauthorized or suspicious.
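As an added example (not code from the advisory or from n8n), a small audit script in the spirit of the client_name review and per-source rate check recommended above. The client records, field names and IP addresses are constructed assumptions, not n8n's actual storage schema.

```python
import re
from collections import Counter

# Constructed sample of registered MCP OAuth clients. The dict keys are an
# assumption for illustration, not n8n's real storage schema.
REGISTERED_CLIENTS = [
    {"client_id": "c1", "client_name": "Claude Desktop", "source_ip": "203.0.113.10"},
    {"client_id": "c2", "client_name": "Helper <script>alert(1)</script>", "source_ip": "198.51.100.7"},
    {"client_id": "c3", "client_name": "https://example.org/login", "source_ip": "198.51.100.7"},
    {"client_id": "c4", "client_name": "Cursor", "source_ip": "203.0.113.11"},
    {"client_id": "c5", "client_name": "bot-0001", "source_ip": "198.51.100.7"},
]

# A client_name is a display label: markup, URL schemes, control characters
# or encoded brackets have no business in it and warrant review.
CHECKS = [
    ("html-markup", re.compile(r"<\s*/?[a-zA-Z!]")),
    ("url-or-scheme", re.compile(r"(?i)\b(?:https?|javascript|data|vbscript):")),
    ("control-chars", re.compile(r"[\x00-\x1f\x7f]")),
    ("encoded-markup", re.compile(r"(?i)%3c|%3e|&lt;|&#")),
]


def suspicious_reasons(client_name: str) -> list[str]:
    """Return the label of every check the client_name trips (empty if clean)."""
    return [label for label, pattern in CHECKS if pattern.search(client_name)]


def audit_clients(clients, max_per_source: int = 2) -> dict:
    """Flag malformed client names and sources that registered more clients than expected."""
    flagged = []
    for client in clients:
        reasons = suspicious_reasons(client["client_name"])
        if reasons:
            flagged.append({"client_id": client["client_id"], "reasons": reasons})
    per_source = Counter(c["source_ip"] for c in clients)
    noisy = {ip: n for ip, n in per_source.items() if n > max_per_source}
    return {"flagged": flagged, "noisy_sources": noisy}


if __name__ == "__main__":
    report = audit_clients(REGISTERED_CLIENTS)
    for entry in report["flagged"]:
        print(f"review/revoke {entry['client_id']}: {', '.join(entry['reasons'])}")
    for ip, n in report["noisy_sources"].items():
        print(f"source {ip} registered {n} clients; candidate for rate limiting")
```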
Sources
NVD CVE-2026-42235
NVD CVE-2026-42236
n8n GitHub Security Advisory GHSA-537j-gqpc-p7fq
n8n GitHub Security Advisory GHSA-49m9-pgww-9vq6