Horizon Alert
Summary of the vulnerability and why it matters
An MCP server used by AI assistants for n8n documentation and operations has a critical vulnerability when multi-tenancy is enabled in HTTP mode. This flaw allows authenticated users to access and potentially disrupt workflow data belonging to other tenants. The main concern is confirming if this specific configuration is in use and exposed.
- Unauthorized access to tenant workflow data.
- Matters if multi-tenancy and HTTP mode are enabled.
- Confirming exposure and relevance is the key focus.
Attack Path
How an attacker could exploit the issue
An attacker could exploit this by leveraging the multi-tenancy feature in HTTP mode to access or manipulate workflow backups belonging to other tenants. This could occur if the n8n-MCP server is deployed with multi-tenancy enabled and exposed over a network, allowing an authenticated tenant to view, delete, or corrupt sensitive data from other tenants' backups.
- Authenticated tenant access required.
- Access to other tenants' backup data.
- Unauthorized data access and modification.
Live Threat
Current exploitation, exposure, and threat context
When n8n-MCP is configured in HTTP mode with multi-tenancy enabled, an authenticated tenant could access, delete, or corrupt workflow version history backups belonging to other tenants. This could expose sensitive information such as node definitions, credential references, and authorization headers stored within these backups.
- Tenant workflow backup data.
- Authenticated tenant could read other tenants' data.
- Exposure of sensitive configurations and credentials.
Operational Fix
Recommended remediation, mitigation, and detection steps
The n8n-MCP server, when deployed with multi-tenancy enabled and exposed via HTTP, presents a risk to tenant data isolation. Teams responsible for n8n instances, including platform or infrastructure owners and potentially application owners if n8n is directly integrated into business workflows, should prioritize identifying these deployments. The immediate first step is to confirm the presence and reachability of n8n-MCP instances configured with multi-tenancy, assess their business criticality, and then initiate a risk-based remediation plan.
- Identify n8n-MCP deployments with multi-tenancy.
- Verify tenant data isolation and reachability.
- Plan remediation based on identified risks.