CVE-2026-39974
n8n · n8n-MCP
The n8n-MCP server contains an unspecified vulnerability that may expose sensitive documentation, properties, and operations to unauthorized AI assistants.
Executive summary
A high-severity vulnerability in the n8n-MCP server poses a significant risk of unauthorized disclosure of sensitive node documentation and operations.
Vulnerability
The vulnerability relates to the Model Context Protocol (MCP) server implementation within n8n. It involves improper access control or data exposure handling, potentially allowing unauthorized AI entities to interact with, or extract, sensitive operational configuration data.
Business impact
Successful exploitation could lead to the exposure of internal workflow documentation and operational properties, facilitating reconnaissance for further attacks against the n8n environment. Given the CVSS score of 8.5, the risk to intellectual property and internal configuration security is substantial.
Remediation
Immediate Action: Review the official n8n security advisory and apply the latest security patches for the n8n-MCP component without delay.
Proactive Monitoring: Audit logs for unusual access requests to the MCP interface and monitor for unexpected AI-driven queries against sensitive endpoints.
Compensating Controls: Restrict network access to the MCP server endpoint to trusted IP ranges and implement robust authentication mechanisms for all AI-assistant integrations.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations using n8n-MCP must treat this issue with high urgency. Ensure all components are updated to the latest supported versions, and audit existing integrations to confirm that AI access is limited to the minimum required functionality.