# CVE-2026-42235
Published 2026-05-04
Priority: P260 · CVSS 3.1: 9.6 (critical)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:R / S:C / C:H / I:H / A:H
EPSS: 0.33% (25.0th percentile)
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
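The rendering step the description above hinges on, as an added example that is not n8n's code: a `client_name` supplied by whoever registers the OAuth client is later interpolated into a revocation toast shown to a different user. The toast builders, the registration-time check and the sample value are all constructed for illustration; the insecure builder strips only script tags (the CWE-87 failure), the hardened one entity-escapes the value before interpolation.

```javascript
// Added example, not n8n's code. The hypothetical toast builders below stand in
// for the UI step the advisory describes: an attacker-registered client_name is
// interpolated into a message shown to a different user on revocation.

// Escape the characters that are significant in HTML text and attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Insecure builder: a denylist that removes only <script> tags. Any other
// element that carries a link or event handler survives (CWE-87, alternate
// XSS syntax), which is why denylist stripping is not a fix for this class.
function buildToastDenylist(clientName) {
  const stripped = String(clientName).replace(/<\/?script[^>]*>/gi, '');
  return `<p>Access for <b>${stripped}</b> was revoked.</p>`;
}

// Hardened builder: the untrusted value is entity-escaped before
// interpolation, so whatever it contains renders as literal text.
function buildToastEscaped(clientName) {
  return `<p>Access for <b>${escapeHtml(clientName)}</b> was revoked.</p>`;
}

// Defence in depth at the registration endpoint (hypothetical check): refuse
// names that carry markup or control characters, or are oversized, so a bad
// value never reaches storage regardless of how the UI renders it later.
function isAcceptableClientName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 128) return false;
  return !/[<>]/.test(name) && !/[\u0000-\u001f\u007f]/.test(name);
}

// True when the string contains an element of the given tag name that a
// browser would parse as markup (an entity-escaped "&lt;a" does not match).
function containsElement(html, tagName) {
  return new RegExp(`<${tagName}[\\s>/]`, 'i').test(html);
}

// Constructed sample value: a plausible name with a link wrapped around it,
// of the kind the advisory's "clicking the link" wording refers to.
const SAMPLE_CLIENT_NAME = 'Acme Agent <a href="https://example.invalid/">review</a>';

// Expected: the denylist output still contains an <a> element, the escaped
// output does not, and the registration check rejects the sample outright.
console.log(containsElement(buildToastDenylist(SAMPLE_CLIENT_NAME), 'a'));  // true
console.log(containsElement(buildToastEscaped(SAMPLE_CLIENT_NAME), 'a'));   // false
console.log(isAcceptableClientName(SAMPLE_CLIENT_NAME));                    // false
```

The same escaping applies to any other place the stored `client_name` is displayed (consent dialog, client list), not only the toast.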
## Affected versions

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.123.32 | 1.123.32 |
| n8n | n8n | < 1.123.32 | 1.123.32 |
| n8n | n8n | >= 0 < 1.123.32 | 1.123.32 |
| n8n | n8n | >= 2.17.0 < 2.17.4 | 2.17.4 |
| n8n | n8n | >= 2.18.0 < 2.18.1 | 2.18.1 |
## CVSS provenance

- NVD, CVSS v3.1: 9.6 CRITICAL, vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`
- NVD, CVSS v4.0: 8.8 HIGH, vector `CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X`
## VulDB

n8n-io n8n up to 1.123.31/2.17.3/2.18.0 MCP client_name cross site scripting (GHSA-537j-gqpc-p7fq)
vuldb · 2026-05-04 · CVSS 8.8 (HIGH)
A vulnerability has been found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0 and classified as problematic. This issue affects some unknown processing of the component MCP Handler. Performing a manipulation of the argument client_name results in improper neutralization of alternate XSS syntax.
This vulnerability is known as CVE-2026-42235. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
## GHSA

n8n Vulnerable to XSS via MCP OAuth client
ghsa · 2026-04-29 · CVE-2026-42235 · HIGH · CWE-87
## Impact
An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation.
## Patches
This issue has been fixed in n8n version 2.14.2. Users should upgrade to this version or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Restrict access to t
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.