pkg:npm/n8n-mcp

所有已知漏洞

• HIGH8.5CVE-2026-42449n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders
  >= 2.47.4, < 2.47.14
• HIGH8.5CVE-2026-39974n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode
  from 0, < 2.47.4
• HIGH8.1CVE-2026-45707n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
  from 0, < 2.51.2
• MEDIUM6.5CVE-2026-45582n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
  from 0, < 2.51.3
• MEDIUM5.3CVE-2026-41495n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
  from 0, < 2.47.11
• MEDIUM4.3CVE-2026-42282n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode
  from 0, < 2.47.13
• —CVE-2026-44694n8n-mcp webhook and API client paths has an authenticated SSRF
  >= 2.18.7, < 2.50.2