n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a shared credential to send its secret to an external server they control. This issue is fixed in versions 2.27.4 and 2.28.1.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
N8n
N8n n8n |
|
| Vendors & Products |
N8n
N8n n8n |
Thu, 09 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a shared credential to send its secret to an external server they control. This issue is fixed in versions 2.27.4 and 2.28.1. | |
| Title | n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector | |
| Weaknesses | CWE-693 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-07-09T15:16:36.276Z
Updated: 2026-07-09T15:51:27.024Z
Reserved: 2026-07-02T21:05:02.924Z
Link: CVE-2026-59207
Updated: 2026-07-09T15:51:14.517Z
No data.
No data.