CVE-2026-42230

CVE Database · CVE-2026-42230

CVE-2026-42230

· MEDIUMAnalyzed

CVSS v3.1

6.1

CVSS v4.0

5.1

EPSS

0.18%

Published

May 4, 2026

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks "Deny" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-601

Affected Products (3)

n8n · n8n (up to 1.123.32)vulnerable

n8n · n8n (up to 2.17.4)vulnerable

n8n · n8nvulnerable

References (1)

https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs