n8n-MCP Tool Call Argument Logging Vulnerability in HTTP Mode

Vulnerability

A vulnerability exists in n8n-MCP versions through 2.47.12: sensitive information from authenticated MCP tool call requests is logged in full detail, including unredacted arguments and JSON-RPC parameters. The issue arises when n8n-MCP operates in HTTP transport mode, where the logging flaw causes credential data (such as bearer tokens, OAuth credentials, per-tenant API keys, and webhook authentication headers) to be recorded and potentially exposed through shared log storage or external systems. The vulnerability requires authentication, but can still lead to significant unauthorized information disclosure.

Impact

The vulnerability allows for the unintentional logging of sensitive credential information, which can be accessed through shared log storage or external systems, potentially leading to unauthorized disclosure of bearer tokens, OAuth credentials, per-tenant API keys, and other secret-bearing payloads.

Reproduction

To reproduce this vulnerability, deploy n8n-MCP version 2.47.12 or earlier in HTTP mode. Then, make authenticated tool call requests that include credential data, such as through the 'n8n_manage_credentials' tool. The logged output will contain the raw credential values, which can be verified if the logs are accessible outside the request trust boundary.

Remediation

Users can upgrade to n8n-MCP version 2.47.13 or later, where this vulnerability has been patched. For those unable to upgrade immediately, it is recommended to restrict access to the HTTP port, limit log visibility, or switch to the stdio transport mode, which does not have an HTTP surface and bypasses the affected log calls.
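
The flaw described above comes down to writing a JSON-RPC request to the log as received. The following is an added example, not n8n-MCP's code or its 2.47.13 patch, of building a log-safe view of a 'tools/call' request before it is logged; the key-name pattern, the 'example_webhook_tool' name and both sample requests are constructed assumptions.

```javascript
// Added example: build a log-safe view of an MCP JSON-RPC 'tools/call' request.
// The key pattern and both sample requests are constructed assumptions.
const SECRET_TOOLS = new Set(['n8n_manage_credentials']); // tool named in the advisory
const SENSITIVE_KEY = /authorization|token|secret|password|api[-_]?key|credential|cookie/i;
const AUTH_SCHEME = /^(bearer|basic)\s+\S+/i;
const MASK = '[REDACTED]';

// Walk the value; once a key looks secret-bearing, mask every leaf beneath it.
function redact(value, maskAll = false) {
  if (value === null || typeof value !== 'object') {
    if (maskAll) return MASK;
    return typeof value === 'string' && AUTH_SCHEME.test(value) ? MASK : value;
  }
  if (Array.isArray(value)) return value.map((v) => redact(v, maskAll));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = redact(v, maskAll || SENSITIVE_KEY.test(key));
  }
  return out;
}

// Allowlist the envelope fields; arguments of secret-handling tools are masked whole.
function loggableRequest(rpc) {
  const params = rpc.params ?? {};
  const tool = typeof params.name === 'string' ? params.name : undefined;
  return {
    jsonrpc: rpc.jsonrpc,
    id: rpc.id,
    method: rpc.method,
    tool,
    arguments: redact(params.arguments, SECRET_TOOLS.has(tool)),
  };
}

// Constructed sample requests (argument shapes are hypothetical).
const credentialCall = {
  jsonrpc: '2.0', id: 7, method: 'tools/call',
  params: { name: 'n8n_manage_credentials',
    arguments: { action: 'create', data: { user: 'svc', accessToken: 'CONSTRUCTED-TOKEN' } } },
};
const webhookCall = {
  jsonrpc: '2.0', id: 8, method: 'tools/call',
  params: { name: 'example_webhook_tool',
    arguments: { url: 'https://example.invalid/hook', note: 'Bearer CONSTRUCTED-INLINE',
      headers: { Authorization: 'Bearer CONSTRUCTED-HEADER', Accept: 'application/json' } } },
};
console.log(JSON.stringify(loggableRequest(credentialCall)));
console.log(JSON.stringify(loggableRequest(webhookCall)));
```

Masking the whole argument object for credential-handling tools avoids depending on a key denylist for the payloads most likely to carry secrets.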

Added: May 8, 2026, 10:05 PM
Updated: May 8, 2026, 10:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.