PT-2026-36902 · N8N · N8N
Ori-Ron
·
Published
2026-04-22
·
Updated
2026-05-06
·
CVE-2026-42230
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
n8n versions prior to 1.123.32
n8n versions prior to 2.17.4
n8n versions prior to 2.18.1
Description
The '/mcp-oauth/register' endpoint accepts OAuth client registrations without authentication, so an unauthenticated attacker can register a client whose redirect URI points at any host. When a user denies the MCP OAuth consent dialog, the handleDeny() handler redirects the browser to the registered redirect URI without further validation. Together these create an open redirect: an attacker sends the victim a phishing link to the consent page for the attacker-registered client, and if the victim clicks "Deny" the browser is silently sent to the external, attacker-controlled site.
Recommendations
Update to version 1.123.32.
Update to version 2.17.4.
Update to version 2.18.1.
Fix
Open Redirect
Affected Products
N8N