Vulnerabilities in czlonkowski
7 resultsCVE-2026-39974HIGHn8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP modeEPSS 0.3%CVE-2026-45582MEDIUMn8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parametersEPSS 0.3%CVE-2026-41495MEDIUMn8n-MCP Logs Sensitive Request Data on Unauthorized /mcp RequestsEPSS 0.3%CVE-2026-42282MEDIUMn8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP modeEPSS 0.3%CVE-2026-45707HIGHn8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incompleteEPSS 0.2%CVE-2026-44694HIGHn8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client pathsEPSS 0.2%CVE-2026-42449HIGHn8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embeddersEPSS 0.2%