CVE-2026-41495: CWE-532: Insertion of Sensitive Information into Log File in czlonkowski n8n-mcp
CVE-2026-41495 is a vulnerability in the n8n-mcp server prior to version 2. 47. 11 where sensitive information from incoming HTTP POST requests to the /mcp endpoint is logged regardless of authentication success. This includes bearer tokens, per-tenant API keys, and JSON-RPC payloads. Although access control was not bypassed and unauthorized requests were rejected, sensitive data from these requests could be exposed through logs if those logs are accessible outside the request trust boundary. The issue has been addressed in version 2. 47. 11.
AI Analysis
Technical Summary
The n8n-mcp server, before version 2.47.11, logs request metadata for POST /mcp endpoint calls in HTTP transport mode without filtering sensitive information, even if authentication fails. This results in bearer tokens from Authorization headers, tenant API keys from x-n8n-key headers, and JSON-RPC request payloads being recorded in logs. While unauthorized requests receive a 401 Unauthorized response, the sensitive data contained in those requests is still persisted in logs, potentially exposing it if logs are collected or accessible externally. This vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File) and has a CVSS 3.1 base score of 5.3 (medium severity). The vulnerability was patched in version 2.47.11.
Potential Impact
Sensitive authentication tokens and request payload data can be exposed through server logs if those logs are accessible outside the trusted environment. This could lead to unauthorized disclosure of bearer tokens and API keys, potentially facilitating further attacks if an adversary gains access to the logs. However, the vulnerability does not allow bypassing access controls or unauthorized access to the service itself.
Mitigation Recommendations
Upgrade n8n-mcp to version 2.47.11 or later, where this logging behavior has been corrected to prevent sensitive information from being written to logs. Until upgraded, restrict access to logs to trusted personnel and systems only to minimize the risk of sensitive data exposure. Patch status is not explicitly stated as 'official-fix' in the vendor advisory, but the description confirms the issue is fixed in version 2.47.11.
CVE-2026-41495: CWE-532: Insertion of Sensitive Information into Log File in czlonkowski n8n-mcp
Description
CVE-2026-41495 is a vulnerability in the n8n-mcp server prior to version 2. 47. 11 where sensitive information from incoming HTTP POST requests to the /mcp endpoint is logged regardless of authentication success. This includes bearer tokens, per-tenant API keys, and JSON-RPC payloads. Although access control was not bypassed and unauthorized requests were rejected, sensitive data from these requests could be exposed through logs if those logs are accessible outside the request trust boundary. The issue has been addressed in version 2. 47. 11.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The n8n-mcp server, before version 2.47.11, logs request metadata for POST /mcp endpoint calls in HTTP transport mode without filtering sensitive information, even if authentication fails. This results in bearer tokens from Authorization headers, tenant API keys from x-n8n-key headers, and JSON-RPC request payloads being recorded in logs. While unauthorized requests receive a 401 Unauthorized response, the sensitive data contained in those requests is still persisted in logs, potentially exposing it if logs are collected or accessible externally. This vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File) and has a CVSS 3.1 base score of 5.3 (medium severity). The vulnerability was patched in version 2.47.11.
Potential Impact
Sensitive authentication tokens and request payload data can be exposed through server logs if those logs are accessible outside the trusted environment. This could lead to unauthorized disclosure of bearer tokens and API keys, potentially facilitating further attacks if an adversary gains access to the logs. However, the vulnerability does not allow bypassing access controls or unauthorized access to the service itself.
Mitigation Recommendations
Upgrade n8n-mcp to version 2.47.11 or later, where this logging behavior has been corrected to prevent sensitive information from being written to logs. Until upgraded, restrict access to logs to trusted personnel and systems only to minimize the risk of sensitive data exposure. Patch status is not explicitly stated as 'official-fix' in the vendor advisory, but the description confirms the issue is fixed in version 2.47.11.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-20T16:14:19.009Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fe3b37cbff5d86101fc042
Added to database: 5/8/2026, 7:36:23 PM
Last enriched: 5/8/2026, 7:51:48 PM
Last updated: 5/9/2026, 12:51:10 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.