n8n
cpe:2.3:a:n8n:n8n:*:*:*:*:node.js:*:*
- < 1.123.32
- < 2.17.4
- < 2.18.1
A cross-site scripting vulnerability has been identified in n8n, an open-source workflow automation platform, affecting versions prior to 1.123.32, 2.17.4, and 2.18.1. The issue arises when an unauthenticated attacker registers a malicious MCP OAuth client whose client_name contains markup. If a user authorizes that client in the OAuth consent dialog and a second user later revokes the access, the toast notification shown to the second user renders the stored client_name as HTML rather than as text, so the injected content (for example a link) appears in the n8n UI. Clicking the injected link executes arbitrary JavaScript in that user's authenticated n8n browser session.
Exploitation therefore gives the attacker script execution in the context of a browser session authenticated to n8n. This could result in theft of credentials and session tokens, unauthorized manipulation of workflows, or escalation of privileges within the application. Note that the attacker needs no account: the registration step is unauthenticated, and the remaining steps are performed by legitimate users.
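The following is an added illustration of the pattern described above; it is not n8n's code and does not reproduce its UI or the fixed releases. It models a constructed dynamic-client-registration body with a markup-bearing client_name, the vulnerable way of building a notification (an HTML string that would later be assigned to innerHTML or an equivalent sink), and two independent fixes: output encoding at the sink, and input validation at the registration endpoint. The 128-character limit and the character policy in validateClientName are assumptions chosen for the example.

```javascript
// Added example (not n8n's code): how a display name submitted through
// unauthenticated OAuth dynamic client registration becomes stored XSS when
// a UI notification builds HTML from it, and two independent fixes.

// Constructed sample of an RFC 7591 registration body an attacker could post.
// The client_name carries an anchor with a javascript: URL; the hostname and
// payload are placeholders for the example.
const maliciousRegistration = {
  client_name: '<a href="javascript:alert(document.domain)">Undo revoke</a>',
  redirect_uris: ['https://attacker.example/callback'],
};

// Minimal HTML escaping for text that will be placed inside an element body
// or a double-quoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// VULNERABLE pattern: the toast body is assembled as an HTML string that
// interpolates the stored client_name verbatim. Whatever later assigns this
// string to innerHTML (or a framework equivalent) renders the attacker's markup.
function buildRevokeToastUnsafe(clientName) {
  return `<div class="toast">Access for ${clientName} was revoked</div>`;
}

// FIX 1 (output encoding): untrusted text is escaped at the sink, so the
// client_name is displayed literally and can never become an element.
function buildRevokeToastSafe(clientName) {
  return `<div class="toast">Access for ${escapeHtml(clientName)} was revoked</div>`;
}

// FIX 2 (input validation at the registration endpoint): reject names that
// carry markup or control characters before they are stored at all. This is
// defence in depth; it does not replace escaping at every sink.
// Length limit and character policy are assumptions for this example.
function validateClientName(name) {
  if (typeof name !== 'string') {
    return { ok: false, reason: 'client_name must be a string' };
  }
  const trimmed = name.trim();
  if (trimmed.length === 0 || trimmed.length > 128) {
    return { ok: false, reason: 'client_name length out of range' };
  }
  // Disallow angle brackets, quotes, backticks and C0 control characters.
  if (/[<>"'`\u0000-\u001f]/.test(trimmed)) {
    return { ok: false, reason: 'client_name contains markup or control characters' };
  }
  return { ok: true, value: trimmed };
}

// Stand-alone demonstration of the three behaviours on the constructed input.
console.log('unsafe:', buildRevokeToastUnsafe(maliciousRegistration.client_name));
console.log('safe:  ', buildRevokeToastSafe(maliciousRegistration.client_name));
console.log('validate:', validateClientName(maliciousRegistration.client_name));
```

In the unsafe output the anchor survives intact and would be clickable once rendered; in the safe output it is displayed as literal text (`&lt;a href=&quot;javascript:...`). The validator would have refused the registration in the first place, which is the cheaper check to run on an endpoint that accepts unauthenticated input.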
Users should upgrade to the fixed release for their line: n8n 1.123.32, 2.17.4, or 2.18.1 (or later). If an immediate upgrade is not possible, restrict network access to the n8n instance, and in particular to the MCP OAuth dynamic client registration endpoint, to trusted users, since the malicious client can be registered without authentication. Additionally, the MCP server functionality can be disabled if it is not actively required, and administrators can review already registered MCP OAuth clients for names containing markup before revoking them.