Platform: nodejs
Component: n8n-mcp
Fixed in: 2.47.5
CVE-2026-39974 describes a Server-Side Request Forgery (SSRF) vulnerability in n8n-mcp, a Model Context Protocol (MCP) server for n8n. The flaw lets an authenticated attacker make the server issue HTTP requests to arbitrary URLs, potentially exposing sensitive internal resources. It affects n8n-mcp versions up to and including 2.47.4; the fix ships in version 2.47.5.
The SSRF in n8n-mcp is dangerous because the request is made by the server, so it carries the server's network position and privileges rather than the attacker's. An authenticated attacker holding a valid AUTH_TOKEN supplies a malicious base URL through the multi-tenant headers, and the n8n-mcp server fetches it, reaching any URL the server itself can reach. That includes cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Alibaba, Oracle), which can return instance credentials, API keys and other secrets. The fetched response is reflected back to the attacker in the JSON-RPC reply, so the data is exfiltrated directly. The blast radius is every internal network and service the n8n-mcp server can connect to.
CVE-2026-39974 was publicly disclosed on 2026-04-09. It is not currently listed on CISA KEV, and its EPSS score is 0.03% (8th percentile). No public proof-of-concept (PoC) code had been released at the time of writing, but SSRF bugs of this shape are simple to weaponise and a PoC is likely to emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations running n8n with n8n-mcp enabled are at risk, particularly those deploying in cloud environments (AWS, GCP, Azure, Alibaba, Oracle) where the metadata service is reachable from the n8n-mcp host. Shared or multi-tenant deployments, where several users hold tokens for one n8n-mcp instance, are at increased risk, since any one token holder can trigger the server-side request against resources the other tenants or the platform rely on.
• nodejs / server: follow the n8n-mcp service log for outbound request entries (adjust the grep pattern to the actual log format):
journalctl -u n8n-mcp -f | grep -i "http request"
• nodejs / server: confirm the n8n-mcp process is running and note its command line (the bracket in the pattern keeps grep from matching itself):
ps aux | grep -i "[n]8n-mcp"
• generic web: review n8n-mcp access logs for unusual outbound HTTP requests, particularly to cloud metadata services (169.254.169.254 is the IMDS address on AWS, GCP, Azure, Alibaba and Oracle; GCP also answers on metadata.google.internal, and Alibaba on 100.100.100.200), to loopback, and to RFC 1918 addresses the server has no business contacting.
• generic web: inspect n8n-mcp error logs for HTTP request failures or connection timeouts to unexpected URLs, which can indicate an attacker probing for reachable internal hosts.
EPSS: 0.03% (8th percentile)
The primary mitigation for CVE-2026-39974 is to upgrade n8n-mcp to version 2.47.5 or later. If that is not immediately feasible, reduce what a forged request can reach: restrict egress from the n8n-mcp host to the n8n instance(s) it actually needs, block the cloud metadata addresses (169.254.169.254 and equivalents) at the host or network level, and on AWS require IMDSv2 with a hop limit of 1 so a forwarded request cannot retrieve credentials. Validate any URL taken from request headers against an allow-list of expected n8n base URLs, and route the server's outbound requests through an egress proxy that enforces that allow-list (an inbound WAF does not see server-initiated requests). Monitor n8n-mcp logs for unusual outbound requests. After upgrading, confirm the fix by supplying a metadata or internal URL through the multi-tenant headers with a valid AUTH_TOKEN and verifying that the server rejects it rather than fetching it.
Update to version 2.47.5 or later to mitigate the SSRF vulnerability. The update fixes the issue by validating the URLs to which HTTP requests are made, preventing an authenticated attacker from forcing the server to make requests to arbitrary URLs.
CVE-2026-39974 is a Server-Side Request Forgery (SSRF) vulnerability in n8n-mcp, allowing authenticated attackers to make HTTP requests to arbitrary URLs.
You are affected if you run n8n-mcp version 2.47.4 or earlier. Upgrade to 2.47.5 or later to mitigate the risk.
Upgrade n8n-mcp to version 2.47.5 or later. If an immediate upgrade is not possible, apply temporary workarounds: restrict egress from the n8n-mcp host, block the cloud metadata addresses, and validate or allow-list any URL taken from request headers.
There is no confirmed active exploitation at this time, but the SSRF nature of the vulnerability suggests potential for exploitation.
Refer to the official n8n security advisory for details and updates: [https://n8n.io/security/advisories](https://n8n.io/security/advisories)