GHSA-75hx-xj24-mqrw: n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport

April 10, 2026

Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials.

References

github.com/advisories/GHSA-75hx-xj24-mqrw
github.com/czlonkowski/n8n-mcp
github.com/czlonkowski/n8n-mcp/commit/ca9d4b3df6419b8338983be98f7940400f78bde3
github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.6
github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-75hx-xj24-mqrw

Code Behaviors & Features

Detect and mitigate GHSA-75hx-xj24-mqrw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →