The n8n-mcp server, which provides AI assistants access to n8n node documentation and operations, had a vulnerability (CWE-532) where sensitive information passed in authenticated MCP tool calls was logged in plaintext in server logs when running in HTTP transport mode. This included bearer tokens, OAuth credentials, per-tenant API keys, webhook authentication headers, and other secret-bearing payloads. The logging occurred before any redaction, potentially exposing sensitive data if logs are collected, forwarded, or accessible outside the request trust boundary. The vulnerability requires valid authentication tokens to exploit and is mitigated by a fragile console-silencing layer that reduces runtime exposure. The issue was fixed in n8n-mcp version 2.47.13.

The vulnerability can lead to disclosure of sensitive credential material stored in server logs, including bearer tokens, OAuth credentials, API keys, and webhook authentication headers. This exposure could compromise the confidentiality of these secrets if logs are accessible to unauthorized parties through shared storage, SIEM systems, or operational support access. However, exploitation requires authenticated access, limiting the attack surface. There is no indication of impact on integrity or availability. No known exploits in the wild have been reported.

A fix for this vulnerability is available in n8n-mcp version 2.47.13. Users should upgrade to this version or later to prevent sensitive information from being logged. Until patched, restrict access to logs and authenticated MCP tools to trusted personnel only. Review log management practices to ensure sensitive data is not exposed externally. Patch status is not explicitly stated in the vendor advisory beyond the version where the issue is fixed, so confirm upgrade details from official release notes.