n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an authenticated tenant to access default-scope workflow_versions backups instead of being confined to the tenant scope, exposing or deleting workflow-version backups from prior single-tenant deployments or migrations. This issue is fixed in version 2.57.4.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Czlonkowski
Czlonkowski n8n-mcp |
|
| Vendors & Products |
Czlonkowski
Czlonkowski n8n-mcp |
Wed, 15 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an authenticated tenant to access default-scope workflow_versions backups instead of being confined to the tenant scope, exposing or deleting workflow-version backups from prior single-tenant deployments or migrations. This issue is fixed in version 2.57.4. | |
| Title | n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode | |
| Weaknesses | CWE-200 CWE-863 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-07-15T20:35:29.539Z
Updated: 2026-07-17T12:32:25.385Z
Reserved: 2026-06-16T23:31:22.445Z
Link: CVE-2026-55608
Updated: 2026-07-17T12:32:21.627Z
No data.
No data.