CVE-2026-42236
Published 2026-05-04
Priority P3 · 49 · high · CVSS 3.1 base score 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.49% (38.3rd percentile)
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.123.32 | 1.123.32 |
| n8n-io | n8n | — | — |
| n8n-io | n8n | — | — |
| n8n | n8n | < 1.123.32 | 1.123.32 |
| n8n | n8n | — | — |
| n8n | n8n | >= 0 < 1.123.32 | 1.123.32 |
| n8n | n8n | >= 2.0.0 < 2.17.4 | 2.17.4 |
| n8n | n8n | 2.17.0 – 2.17.4 | — |
| n8n | n8n | >= 2.18.0 < 2.18.1 | 2.18.1 |
CVSS provenance
NVD, CVSS v3.1: 7.5 HIGH, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD, CVSS v4.0: 8.7 HIGH, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
VulDB
vuldb · 2026-05-04 · CVSS 8.7
CVE-2026-42236 [HIGH] n8n-io n8n up to 1.123.31/2.17.3/2.18.0 Registration allocation of resources (GHSA-49m9-pgww-9vq6)
A vulnerability classified as problematic was found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. This impacts an unknown function of the component Registration Handler. Executing a manipulation can lead to allocation of resources.
This vulnerability appears as CVE-2026-42236. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is advised.
GHSA
ghsa · 2026-04-29
CVE-2026-42236 [HIGH] CWE-770 n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
## Impact
The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance.
The patches address the unbounded registration with an upper bound on the number of registered clients and by disabling creation when MCP is disabled on the instance. Means to restrict the payload size of requests already exist and can be used to control
No detection rules found.
No public exploits indexed.
Published 2026-05-04