n8n-mcp is vulnerable to Insecure Direct Object Reference (IDOR)
99
Critical Risk
n8n-mcp stores automatic workflow version backups in a local workflow_versions table that lacked any per-tenant scoping. In multi-tenant HTTP deployments the n8n_workflow_versions tool queries rows by a predictable sequential integer ID without verifying that the calling tenant owns the record. An authenticated tenant can enumerate IDs to read, roll back, delete, or truncate other tenants' snapshots, which include full node definitions containing credential references and authorization headers. The fix adds an instance_id column, scopes every read, list, get, delete, rollback, and prune query to the calling instance, and clears legacy un-scoped backups during migration.
You are affected if you are using a version that falls within the vulnerable range and running in multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true.
n8n-mcp is vulnerable to Insecure Direct Object Reference (IDOR) in versions 2.22.5 - 2.56.0.
Upgrade the n8n-mcp library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant