What is CVE-2026-42449?

CVE-2026-42449 is a high-severity vulnerability in Czlonkowski N8n-mcp, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.5/10. Published 2026-05-07.

How severe is CVE-2026-42449?

High severity. CVSS v3 base score is 8.5 out of 10.

SSRF in Czlonkowski N8n-mcp

CVE-2026-42449

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and val…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.

Affected products

Czlonkowski N8n-mcp — versions >= 2.47.4, < 2.47.14
N8n-mcp

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

security-advisories@github.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2026-42449?: CVE-2026-42449 is a high-severity vulnerability in Czlonkowski N8n-mcp, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.5/10. Published 2026-05-07.
How severe is CVE-2026-42449?: High severity. CVSS v3 base score is 8.5 out of 10.