Listen to this Post
How the CVE works:
The vulnerability exists in the workflow telemetry sanitizer of n8n-mcp versions prior to 2.51.3. When a workflow contains HTTP-Request-style node parameters with URL-shaped values (e.g., query strings containing customer IDs, tenant identifiers, short secrets, or signed request parameters), the sanitizer fails to fully strip these fragments before sending data to the anonymous telemetry backend. Specifically, the sanitizer removes credentials and long secrets via separate code paths but retains partial URL fragments due to incomplete regex or parsing logic. The telemetry collection is intended to exclude sensitive parameters as documented in PRIVACY.md, but the bug allows URL-shaped fields to leak. Attackers with access to the telemetry backend (e.g., project operators or anyone who can query stored telemetry) can retrieve these fragments. The leak is limited to workflow definition data—execution data and OAuth tokens remain protected. The flaw is triggered automatically whenever a workflow with vulnerable node parameters is saved or executed, as telemetry is sent periodically.
Platform: n8n-mcp
Version: <2.51.3
Vulnerability: Telemetry sanitizer bypass
Severity: Medium
Date: 2025-05-18
Prediction: 2025-06-01
What Undercode Say:
Check current version n8n-mcp --version Verify telemetry environment variables echo $N8N_MCP_TELEMETRY_DISABLED echo $TELEMETRY_DISABLED echo $DISABLE_TELEMETRY Disable telemetry immediately (workaround) export N8N_MCP_TELEMETRY_DISABLED=true Upgrade to fixed version npm install [email protected]
Exploit:
An attacker with telemetry backend access queries stored workflow telemetry, extracts HTTP-Request node parameters, and retrieves partial secrets (e.g., short API keys in query strings). Example: `GET /telemetry/logs?workflow=123` reveals customer_id=abc&token=xyz.
Protection from this CVE:
Upgrade to 2.51.3 or later. If unable, disable telemetry via any of the three environment variables. Audit existing telemetry logs for leaked fragments. Restrict telemetry backend access to trusted operators only.
Impact:
Leakage of customer/tenant identifiers, short secrets, and signed request parameters from workflow definitions to telemetry storage. Credentials and execution data remain safe.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

