CVE-2026-42449 | czlonkowski n8n-mcp up to 2.47.13 getN8nApiClient/validateInstanceContext n8nApiUrl server-side request forgery (GHSA-56c3-vfp2-5qqj)

A vulnerability was found in czlonkowski n8n-mcp up to 2.47.13. It has been classified as critical. This impacts the function getN8nApiClient/validateInstanceContext. This manipulation of the argument n8nApiUrl causes server-side request forgery.

This vulnerability is registered as CVE-2026-42449. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More