CVE-2026-55608 with a CVSS score of 4.2 is a vulnerability in n8n-mcp's local default-scope workflow-version storage, allowing an authenticated tenant to read or delete workflow-version backups stored in the default scope — for example, backups left from a prior single-tenant deployment or a migration period. This issue affects multi-tenant HTTP mode, where n8n-mcp's own local workflow-version storage is exposed, not a normal n8n API capability. The flaw type is incorrect authorization, and it can be exploited through the environment template management API in multi-tenant mode, requiring an authenticated tenant under certain conditions to access n8n-mcp's local default-scope workflow_versions backups instead of being restricted to its own tenant scope. This vulnerability may impact organizations because workflow snapshots can contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected.
We recommend you to update n8n-mcp to version 2.64.1 or later.[/subscribe_to_unlock_form]
CVE-2026-55608 with a CVSS score of 4.2 is a vulnerability in n8n-mcp's local default-scope workflow-version storage, allowing an authenticated tenant to read or delete workflow-version backups stored in the default scope — for example, backups left from a prior single-tenant deployment or a migration period. This issue affects multi-tenant HTTP mode, where n8n-mcp's own local workflow-version storage is exposed, not a normal n8n API capability. The flaw type is incorrect authorization, and it can be exploited through the environment template management API in multi-tenant mode, requiring an authenticated tenant under certain conditions to access n8n-mcp's local default-scope workflow_versions backups instead of being restricted to its own tenant scope. This vulnerability may impact organizations because workflow snapshots can contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected.
We recommend you to update n8n-mcp to version 2.64.1 or later.[emaillocker id="1283"]
The following reports contain further technical details:
[/emaillocker]