GHSA-8g7g-hmwm-6rv2: Path Traversal, SSRF, and Information Exposure in n8n-mcp

DEV Community·CVE Reports·24 days ago

Vulnerability ID: GHSA-8G7G-HMWM-6RV2
CVSS Score: 8.5
Published: 2026-05-08

Multiple high-severity vulnerabilities were identified in the n8n-mcp package prior to version 2.50.1. These vulnerabilities include a Path Traversal flaw in the API client, a Server-Side Request Forgery (SSRF) bypass via redirect-following, and an Information Exposure vulnerability in the telemetry service. Collectively, these flaws permit credential theft, internal network access, and the leakage of sensitive workflow configurations.

TL;DR

Versions of n8n-mcp before 2.50.1 suffer from path traversal in API path construction, SSRF via uncontrolled redirect following, and plain-text exposure of sensitive API keys in telemetry data. The vendor patched these issues in version 2.50.1.…
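The three weakness classes named in the summary each have a standard defensive check, sketched here as an added example. This is not n8n-mcp's code or the vendor's 2.50.1 patch; the function names, the ID pattern and the key-name pattern are assumptions.

```javascript
// Added illustration, not n8n-mcp code. All names here are hypothetical.

// 1. Path traversal: an ID must be one opaque path segment.
//    The ID pattern is an assumption; tighten it to the real ID format.
function buildApiPath(baseUrl, resource, id) {
  if (typeof id !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(id)) {
    throw new Error('invalid id');
  }
  const base = new URL(baseUrl);
  const prefix = base.pathname.replace(/\/+$/, '');
  const url = new URL(`${prefix}/${resource}/${encodeURIComponent(id)}`, base.origin);
  // Defence in depth: the normalised path must still sit under the API prefix.
  if (!url.pathname.startsWith(`${prefix}/${resource}/`)) {
    throw new Error('path escaped API prefix');
  }
  return url.href;
}

// 2. SSRF via redirects: send each request with automatic following disabled
//    (e.g. fetch's `redirect: 'manual'`) and vet every hop before taking it.
//    Returns the next URL, or null when the response is not a redirect.
function nextHop(currentUrl, status, location, allowedOrigin, hopsLeft) {
  if (status < 300 || status >= 400 || !location) return null;
  if (hopsLeft <= 0) throw new Error('too many redirects');
  const target = new URL(location, currentUrl); // resolves relative Location values
  if (target.origin !== allowedOrigin) {
    throw new Error('redirect leaves allowed origin');
  }
  return target.href;
}

// 3. Telemetry exposure: mask secret-looking fields before anything is sent.
//    The key-name pattern is an assumption, not an exhaustive list.
const SENSITIVE_KEY = /(api[-_]?key|token|secret|password|authorization|credential)/i;
function redactForTelemetry(value) {
  if (Array.isArray(value)) return value.map(redactForTelemetry);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEY.test(k) ? '[REDACTED]' : redactForTelemetry(v);
    }
    return out;
  }
  return value;
}
```

Pinning redirects to the configured origin also rejects scheme downgrades, because the origin comparison includes the scheme and port.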
