CVE-2026-44694

May 8, 2026, 8:16 p.m.

7.2
High

Description

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. This issue has been patched in version 2.50.2.

Product(s) Impacted

Vendor Product Versions
N8n
  • N8n
  • 2.18.7-2.50.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a n8n n8n 2.18.7-2.50.1 / / / / / / /

References

https://github.com/czlonkowski/n8n-mcp/commit/bcaba839409d470abeb4a6ad9b361b553a1098eb
https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.50.2
https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-cmrh-wvq6-wm9r

Tags

[email protected]
CWE-367
2026-05-08
CVE-2026-44694

CVSS Score

7.2 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Attack Requirements: PRESENT
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: LOW
  • Availability Impact: LOW
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: May 8, 2026, 8:16 p.m.
Last Modified: May 8, 2026, 8:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

Linked Attack Reports

How attackers are jailbreaking LLMs with CTF framing and how to catch them

Threat actors are bypassing AI model safety guardrails by framing exploit requests as legitimate security research, such as capture-the-flag challenges or CVE-hunting exercises. This technique manipulates upstream LLMs into generating working exploit code that attackers deploy against real targets.…
credential harvesting
CVE-2026-33017
CVE-2026-39987
ai agent exploitation
CVE-2026-40281
CVE-2026-42208
CVE-2026-42271
CVE-2026-44336
CVE-2026-44694
CVE-2026-42266
CVE-2026-42589
CVE-2026-45331
CVE-2026-45397
CVE-2026-45672
CVE-2026-45301
2026-06-15
ai platform targeting
ctf framing
cve exploitation
CVE-2026-42302
CVE-2026-47391
llm jailbreaking
prompt injection
rce campaigns
Published: June 15, 2026
Linked vulnerabilities : CVE-2026-0770 (CVSS 9.8), CVE-2026-33017 (CVSS 9.3), CVE-2026-39987 (CVSS 9.3), CVE-2026-40281 (CVSS 10.0), CVE-2026-42208 (CVSS 9.3), CVE-2026-42271 (CVSS 8.7), CVE-2026-44336 (CVSS 9.4), CVE-2026-44694 (CVSS 7.2), CVE-2026-42589 (CVSS 9.8), CVE-2026-45331 (CVSS 8.5), CVE-2026-45672 (CVSS 8.8), CVE-2026-45301 (CVSS 8.1), CVE-2026-47391
Downloadable IOCs: 6

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.