Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package n8n-mcp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2026-44694 — CVSS 9.1 (critical): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to…
CVE-2026-42449 — CVSS 8.5 (high): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4…
CVE-2026-39974 — CVSS 8.5 (high): n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation…
CVE-2026-45707 — CVSS 8.1 (high): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when…
CVE-2026-45582 — CVSS 6.5 (medium): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the…
CVE-2026-41495 — CVSS 5.3 (medium): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version…
CVE-2026-42282 — CVSS 4.3 (medium): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version…