CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-54309

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2.

View on NVD

Analysis

Las instancias de n8n que utilizan el componente mcp-browser con transporte HTTP carecen de autenticación, permitiendo que cualquier sitio web malicioso ejecute código JavaScript y acceda a cookies en el navegador del usuario. Este fallo crítico de severidad 10.0 permite el control remoto de la sesión del navegador y el robo de datos sensibles si la extensión AI Browser Bridge está activa. Es imperativo actualizar a las versiones 2.25.7 o 2.26.2 para mitigar este riesgo.

Relevant roles

BackendJavascriptTypescriptCyberSecurityIADocker

Severity

Score: 10.0(CRITICAL)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

AV: NETWORK

AC: LOW

PR: NONE

UI: NONE

S: CHANGED

C: HIGH

I: HIGH

A: LOW

Weakness (CWE): CWE-306

EPSS

Probability of exploitation (next 30 days): 0.0042 (0.4%)

Percentile: 33.1%

EPSS: 2026-06-25

Affects

n8n:n8n

Technical description

Published: 6/23/2026, 4:17:01 PM

Last modified: 6/25/2026, 6:40:16 PM

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-qrx8-25qr-5r7v

How to read this card

Actively exploited

KEV (Known Exploited Vulnerabilities) is CISA's catalog of CVEs confirmed as actively exploited in the real world. If a CVE is on KEV, someone is already using it in attacks.

CVSS 10.0

CVSS 10.0 — máxima severidad teórica. Explotable de forma remota, sin privilegios, con impacto total. Aún no confirmada como explotada en el mundo real, pero parchea ya.

AI-recommended

Un modelo de lenguaje revisó el CVE y consideró que afecta a software ampliamente desplegado o herramientas comunes de desarrollo. Un humano del equipo aprobó la publicación antes de que llegara aquí.

Categorías de impacto que evalúa la IA

widely_deployed_infra — kernel Linux, OpenSSL, glibc, k8s, Docker, nginx, OpenSSH.

popular_dev_tooling — Node.js, Python, Go, React, Next.js, librerías comunes de npm/pip.

common_consumer_software — Chrome, Firefox, Windows, macOS, apps móviles populares.

enterprise_saas — GitHub, GitLab, Atlassian, Salesforce, Cisco, Fortinet, Ivanti.

niche_software — CMS regionales, herramientas de hobby, librerías de poco uso.

not_relevant — firmware específico de proveedor, software descontinuado.

EPSS — EPSS (Exploit Prediction Scoring System) by FIRST.org estimates the probability that a CVE will be exploited in the next 30 days. Range is 0 to 1; very fresh CVEs typically score low until evidence accumulates.