PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54309 n8n-io CVE debrief

The n8n workflow automation platform is affected by CVE-2026-54309, a high-severity vulnerability with a CVSS score of 8.8. It lies in the @n8n/mcp-browser component when run in HTTP transport mode, which allows unauthenticated access to browser-control capabilities: an attacker could navigate, evaluate JavaScript, and read cookies and storage in the user's real browser profile. The vulnerability affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http).

Vendor: n8n-io
Product: n8n
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

Security teams and administrators responsible for n8n workflow automation platforms should be aware of this vulnerability. If the @n8n/mcp-browser component is run in HTTP transport mode, immediate action is necessary to prevent exploitation. Users of the n8n AI Browser Bridge extension should also take note, because an installed extension with an active browser connection is what gives an unauthenticated caller access to the real browser profile.

Technical summary

CVE-2026-54309 is a high-severity vulnerability in the n8n workflow automation platform. The @n8n/mcp-browser component, when run in HTTP transport mode, accepts session initialization and tool invocation requests without authentication. This allows any network-reachable client or visited website to establish an MCP session and invoke browser-control tools. If the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities. The vulnerability is fixed in versions 2.25.7 and 2.26.2.

Defensive priority

Updating n8n to version 2.25.7 or 2.26.2 should be treated as high priority. Instances that run @n8n/mcp-browser with the HTTP transport (--transport http) are the exposed ones and should be patched immediately to prevent exploitation.

Recommended defensive actions

  • Update n8n to version 2.25.7 or 2.26.2
  • Disable HTTP transport mode for @n8n/mcp-browser
  • Verify and restrict access to browser-control capabilities
  • Monitor for suspicious activity on n8n instances
  • Review and update compensating controls for n8n workflow automation platforms
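As an added triage helper (not PatchSiren's or n8n's own tooling), the following Python classifies an instance from its n8n version and the command line used to launch @n8n/mcp-browser, using only the fix versions and the --transport http flag stated above. The npx launch lines and sample versions are constructed, and release lines other than 2.25 and 2.26 are reported as needing manual confirmation because the advisory does not name them.

```python
"""Triage helper for CVE-2026-54309 (constructed example, not n8n's or PatchSiren's code)."""
import re
import shlex

# Fixed versions named in the advisory, keyed by release line (major, minor).
FIXED_VERSIONS = {(2, 25): (2, 25, 7), (2, 26): (2, 26, 2)}

def parse_version(text):
    """Parse 'v2.25.6' or '2.26.1-beta' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version):
    """True/False on the 2.25 and 2.26 lines; None for lines the advisory does not name."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    return None if fixed is None else v >= fixed   # None: confirm manually, do not guess

def http_transport_enabled(cmdline):
    """True when the line launches @n8n/mcp-browser with '--transport http' (separate arg,
    as in the advisory). A missing flag is treated as not HTTP; confirm your version's default."""
    argv = shlex.split(cmdline)
    if not any("mcp-browser" in arg for arg in argv):
        return False
    for i, arg in enumerate(argv):
        if arg == "--transport" and i + 1 < len(argv):
            return argv[i + 1].lower() == "http"
    return False

def triage(version, cmdline):
    """Classify one running instance from its n8n version and mcp-browser command line."""
    if not http_transport_enabled(cmdline):
        return "not-exposed"
    patched = is_patched(version)
    if patched is None:
        return "exposed-unknown-version"
    return "patched" if patched else "patch-now"

if __name__ == "__main__":
    # Constructed sample (version, command line) pairs, as collected from `ps`-style output.
    samples = [
        ("2.26.1", "npx @n8n/mcp-browser --transport http"),
        ("2.25.7", "npx @n8n/mcp-browser --transport http"),
        ("2.25.6", "npx @n8n/mcp-browser"),
    ]
    for ver, cmd in samples:
        print(f"{ver:8} {cmd:45} -> {triage(ver, cmd)}")
```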

Evidence notes

The CVE-2026-54309 vulnerability was published on June 23, 2026, and modified on June 25, 2026. The vulnerability affects n8n workflow automation platforms using @n8n/mcp-browser in HTTP transport mode. Evidence from the NVD and CVE.org confirms the vulnerability's existence and provides details on affected versions.

Official resources

This article is AI-assisted and based on the supplied source corpus.