n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3.
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
Problem type
Affected products
czlonkowski
< 2.51.3 - AFFECTED
References
https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-f3rg-xqjj-cj9w
https://github.com/czlonkowski/n8n-mcp/pull/782
https://github.com/czlonkowski/n8n-mcp/commit/6cf6fef653fcd6d598f2f356aac4754931c7329f
https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.3
GitHub Security Advisories
GHSA-f3rg-xqjj-cj9w
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
https://github.com/advisories/GHSA-f3rg-xqjj-cj9w
Summary
In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md.
Impact
Operators with access to the project's telemetry backend could read partial fragments of workflow URL parameters that should not have been collected. The bug was scoped to URL-shaped fields in workflow definitions; credentials, OAuth tokens, and workflow execution data are not affected — credentials are removed by a separate code path, and long secrets and known-provider tokens are matched by dedicated patterns.
Patches
Fixed in n8n-mcp 2.51.3. Upgrading is the recommended remediation.
Workarounds
For users who cannot upgrade immediately, disable anonymous telemetry by setting any of these environment variables to true:
N8N_MCP_TELEMETRY_DISABLED
TELEMETRY_DISABLED
DISABLE_TELEMETRY
Credit
Reported by @u-ktdi.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-45582
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-45582",
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"dateUpdated": "2026-05-29T13:37:30.720Z",
"dateReserved": "2026-05-12T19:00:14.601Z",
"datePublished": "2026-05-29T13:37:30.720Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M",
"dateUpdated": "2026-05-29T13:37:30.720Z"
},
"title": "n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters",
"descriptions": [
{
"lang": "en",
"value": "n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3."
}
],
"affected": [
{
"vendor": "czlonkowski",
"product": "n8n-mcp",
"versions": [
{
"version": "< 2.51.3",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"cweId": "CWE-201",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-f3rg-xqjj-cj9w",
"name": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-f3rg-xqjj-cj9w",
"tags": [
"x_refsource_CONFIRM"
]
},
{
"url": "https://github.com/czlonkowski/n8n-mcp/pull/782",
"name": "https://github.com/czlonkowski/n8n-mcp/pull/782",
"tags": [
"x_refsource_MISC"
]
},
{
"url": "https://github.com/czlonkowski/n8n-mcp/commit/6cf6fef653fcd6d598f2f356aac4754931c7329f",
"name": "https://github.com/czlonkowski/n8n-mcp/commit/6cf6fef653fcd6d598f2f356aac4754931c7329f",
"tags": [
"x_refsource_MISC"
]
},
{
"url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.3",
"name": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.3",
"tags": [
"x_refsource_MISC"
]
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
}
]
}
}
}