Platform
nodejs
Component
n8n-mcp
Fixed in
2.47.5
CVE-2026-39974 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in n8n-mcp, a Model Context Protocol (MCP) server used by n8n. This flaw allows authenticated attackers to manipulate the server into making HTTP requests to arbitrary URLs, potentially exposing sensitive internal resources. The vulnerability affects versions of n8n-mcp up to and including 2.47.4, and a patch is available in version 2.47.4.
The SSRF vulnerability in n8n-mcp poses a significant risk because it allows an attacker to leverage the server's privileges to access resources it would normally be restricted from. An authenticated attacker, possessing a valid AUTH_TOKEN, can craft malicious HTTP requests through multi-tenant headers, causing the n8n-mcp server to fetch data from any URL the server can reach. This includes sensitive cloud instance metadata endpoints like AWS IMDS, GCP, Azure, Alibaba, and Oracle, potentially revealing credentials, API keys, and other confidential information. The attacker can then reflect these responses back through JSON-RPC, effectively exfiltrating data. The blast radius extends to any internal network accessible by the n8n-mcp server.
CVE-2026-39974 was publicly disclosed on 2026-04-09. The vulnerability is not currently listed on CISA KEV, and there is no known EPSS score. No public proof-of-concept (PoC) code has been released at the time of writing, but the SSRF nature of the vulnerability makes it likely that a PoC will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations using n8n with n8n-mcp enabled are at risk, particularly those deploying n8n in cloud environments (AWS, GCP, Azure, Alibaba, Oracle). Shared hosting environments where multiple users share an n8n instance are also at increased risk, as an attacker could potentially exploit the vulnerability through another user's account.
• nodejs / server:
journalctl -u n8n-mcp -f | grep -i "http request"
• nodejs / server:
ps aux | grep n8n-mcp | grep -i "http request"
• generic web: Review n8n-mcp access logs for unusual outbound HTTP requests to external URLs, particularly those related to cloud metadata services (e.g., 169.254.169.253 for AWS IMDS).
• generic web: Inspect n8n-mcp error logs for any errors related to HTTP request failures or connection timeouts to unexpected URLs.
disclosure
Exploit status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-39974 is to immediately upgrade n8n-mcp to version 2.47.4 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict network access to the n8n-mcp server to only necessary resources. Implement strict input validation on any data received from external sources. Consider using a Web Application Firewall (WAF) or proxy to filter outbound HTTP requests and block requests to suspicious URLs. Monitor n8n-mcp logs for unusual outbound HTTP requests. After upgrading, confirm the fix by attempting to trigger an HTTP request to an external URL and verifying that the request is blocked or denied.
Update to version 2.47.4 or later to mitigate the SSRF vulnerability. This update fixes the issue by validating the URLs to which HTTP requests are sent, which prevents an authenticated attacker from forcing the server to send requests to arbitrary URLs.
CVE-2026-39974 is a Server-Side Request Forgery (SSRF) vulnerability in n8n-mcp, allowing authenticated attackers to make HTTP requests to arbitrary URLs.
You are affected if you are using n8n-mcp versions 2.47.4 or earlier. Upgrade to 2.47.4 to mitigate the risk.
Upgrade n8n-mcp to version 2.47.4 or later. Implement temporary workarounds like restricting network access and using a WAF if immediate upgrade is not possible.
There is no confirmed active exploitation at this time, but the SSRF nature of the vulnerability suggests potential for exploitation.
Refer to the official n8n security advisory for details and updates: [https://n8n.io/security/advisories](https://n8n.io/security/advisories)