Intel

AIKIDO-2026-552585

n8n-mcp is vulnerable to Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR)CVE-2026-54052 Published 3 days ago

99

Critical Risk

This Affects:

JSn8n-mcp
2.22.5 - 2.56.0
Fixed in 2.56.1
Are you affected? Scan for Free

TL;DR

n8n-mcp stores automatic workflow version backups in a local workflow_versions table that lacked any per-tenant scoping. In multi-tenant HTTP deployments the n8n_workflow_versions tool queries rows by a predictable sequential integer ID without verifying that the calling tenant owns the record. An authenticated tenant can enumerate IDs to read, roll back, delete, or truncate other tenants' snapshots, which include full node definitions containing credential references and authorization headers. The fix adds an instance_id column, scopes every read, list, get, delete, rollback, and prune query to the calling instance, and clears legacy un-scoped backups during migration.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and running in multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true.

Background info

n8n-mcp is vulnerable to Insecure Direct Object Reference (IDOR) in versions 2.22.5 - 2.56.0.

How to fix this

Upgrade the n8n-mcp library to the patch version.