EXECUTIVE SUMMARY:
CVE-2026-45707, with a CVSS score of 8.1, is a CWE-284 (Incorrect Modification of Resource Within the System) vulnerability in the npm/n8n-mcp package. The vulnerability affects versions <= 2.51.1: a multi-tenant MCP request whose tenant headers are absent or incomplete falls back to the process-level n8n credentials, so the resulting n8n management calls are executed against the operator's instance instead of the tenant's own. An authenticated MCP tenant can use this path to read and write workflows, executions, data-table contents, and credential metadata on the operator's n8n instance, potentially escalating to remote code execution inside the operator's n8n runtime. If exploited, this vulnerability has business consequences: unauthorized access to and modification of sensitive data, with potential data breaches and system compromise. To exploit this vulnerability, an attacker requires access to a shared multi-tenant service running in HTTP mode with ENABLE_MULTI_TENANT=true.
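The weak pattern the summary describes, and the fail-closed form a maintainer would want, shown as an added illustration (this is not n8n-mcp's own code). The header names, the N8N_API_URL and N8N_API_KEY variable names, the config shapes and the sample values are assumptions made for the example; only ENABLE_MULTI_TENANT comes from the advisory.

```typescript
// Added example, not code from the n8n-mcp project.
// Assumed names: the x-n8n-url / x-n8n-key tenant headers and the N8N_API_URL /
// N8N_API_KEY environment variables are hypothetical and exist only to illustrate
// the fallback-to-operator-credentials bug class and its fail-closed fix.

interface N8nTarget { url: string; apiKey: string; }
type RequestHeaders = Record<string, string | undefined>;
interface ProcessEnv {
  ENABLE_MULTI_TENANT?: string;   // the one setting named in the advisory
  N8N_API_URL?: string;           // assumed: operator's own instance
  N8N_API_KEY?: string;           // assumed: operator's own API key
}

// Assumed per-tenant header names (hypothetical).
const TENANT_URL_HEADER = "x-n8n-url";
const TENANT_KEY_HEADER = "x-n8n-key";

class TenantContextError extends Error {}

// Extract whatever tenant context the request carried; either field may be missing.
function tenantFromHeaders(headers: RequestHeaders): Partial<N8nTarget> {
  const lower: RequestHeaders = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  return {
    url: lower[TENANT_URL_HEADER]?.trim() || undefined,
    apiKey: lower[TENANT_KEY_HEADER]?.trim() || undefined,
  };
}

// Vulnerable shape: when tenant headers are absent or incomplete, the request
// silently inherits the process-level credentials, i.e. the operator's instance.
function resolveTargetVulnerable(headers: RequestHeaders, env: ProcessEnv): N8nTarget | null {
  const t = tenantFromHeaders(headers);
  if (t.url && t.apiKey) return { url: t.url, apiKey: t.apiKey };
  if (env.N8N_API_URL && env.N8N_API_KEY) return { url: env.N8N_API_URL, apiKey: env.N8N_API_KEY };
  return null;
}

// Hardened shape: in multi-tenant mode an incomplete tenant context is an error,
// never a fallback. Process-level credentials are only consulted when the service
// is explicitly single-tenant.
function resolveTargetHardened(headers: RequestHeaders, env: ProcessEnv): N8nTarget | null {
  const multiTenant = env.ENABLE_MULTI_TENANT === "true";
  const t = tenantFromHeaders(headers);
  if (multiTenant) {
    if (!t.url || !t.apiKey) {
      throw new TenantContextError(
        "multi-tenant request is missing the tenant n8n URL or API key; refusing to use operator credentials",
      );
    }
    return { url: t.url, apiKey: t.apiKey };
  }
  if (env.N8N_API_URL && env.N8N_API_KEY) return { url: env.N8N_API_URL, apiKey: env.N8N_API_KEY };
  return null;
}

// Audit helper: would this resolved target hit the operator's own instance?
function usesOperatorCredentials(target: N8nTarget | null, env: ProcessEnv): boolean {
  return target !== null && target.url === env.N8N_API_URL && target.apiKey === env.N8N_API_KEY;
}

// Constructed sample data (placeholders, not real endpoints or keys).
const operatorEnv: ProcessEnv = {
  ENABLE_MULTI_TENANT: "true",
  N8N_API_URL: "https://operator.example/api/v1",
  N8N_API_KEY: "OPERATOR-KEY-PLACEHOLDER",
};
const incompleteTenantRequest: RequestHeaders = { "x-n8n-url": "https://tenant-a.example/api/v1" }; // key omitted
const completeTenantRequest: RequestHeaders = {
  "x-n8n-url": "https://tenant-a.example/api/v1",
  "x-n8n-key": "TENANT-A-KEY-PLACEHOLDER",
};

// Runs both resolvers over the constructed requests and reports whether each
// would have reached the operator's instance.
function demo(): { vulnerableHitsOperator: boolean; hardenedRejects: boolean; completeTenantIsolated: boolean } {
  const vulnerableHitsOperator = usesOperatorCredentials(
    resolveTargetVulnerable(incompleteTenantRequest, operatorEnv), operatorEnv);
  let hardenedRejects = false;
  try {
    resolveTargetHardened(incompleteTenantRequest, operatorEnv);
  } catch (e) {
    hardenedRejects = e instanceof TenantContextError;
  }
  const completeTenantIsolated =
    !usesOperatorCredentials(resolveTargetHardened(completeTenantRequest, operatorEnv), operatorEnv);
  return { vulnerableHitsOperator, hardenedRejects, completeTenantIsolated };
}

console.log(demo());
```

The point of the fail-closed branch is that the decision is keyed on the deployment mode, not on whether headers happen to be present: once ENABLE_MULTI_TENANT is set, the process-level credentials are never a candidate target, so a tenant that drops a header gets a 4xx-class error rather than the operator's workflows. The `usesOperatorCredentials` check is the kind of assertion worth running in a regression test or request log audit on an operator deployment.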
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-jxx9-px88-pj69