CVE-2026-42235 | n8n-io n8n up to 1.123.31/2.17.3/2.18.0 MCP client_name cross site scripting (GHSA-537j-gqpc-p7fq)

A vulnerability has been found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0 and classified as problematic. This issue affects some unknown processing of the component MCP Handler. Performing a manipulation of the argument client_name results in improper neutralization of alternate xss syntax.

This vulnerability is known as CVE-2026-42235. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More