Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-54309

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2.

Ver en NVD

Análisis

Las instancias de n8n que utilizan el componente mcp-browser con transporte HTTP carecen de autenticación, permitiendo que cualquier sitio web malicioso ejecute código JavaScript y acceda a cookies en el navegador del usuario. Este fallo crítico de severidad 10.0 permite el control remoto de la sesión del navegador y el robo de datos sensibles si la extensión AI Browser Bridge está activa. Es imperativo actualizar a las versiones 2.25.7 o 2.26.2 para mitigar este riesgo.

Roles relevantes

BackendJavascriptTypescriptCyberSecurityIADocker

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: LOW
Tipo de falla (CWE): CWE-306

EPSS

Probabilidad de explotación (próx. 30 días): 0.0042 (0.4%)
Percentil: 33.1%
EPSS: 2026-06-25

Afecta

n8n:n8n

Descripción técnica

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2.

Publicada: 23/6/2026, 16:17:01
Última modificación: 25/6/2026, 18:40:16

Referencias

InicioEventosBlogRecursosEquipo