js · n8n · Critical
n8n: Unauthenticated MCP session in @n8n/mcp-browser with HTTP transport
What changed
Unauthenticated MCP session and tool invocation in @n8n/mcp-browser when using HTTP transport.
Who it affects
Users running @n8n/mcp-browser with HTTP transport (--transport http).
What to do today
Upgrade to n8n version 2.25.7 or 2.26.2, or switch to stdio transport and restrict network access.
Source
GitHub Advisory · n8n