A multi-tenant authentication bypass in n8n-MCP allows authenticated tenants to redirect management calls to the operator's n8n instance. The vulnerability exists in HTTP-mode deployments when ENABLE_MULTI_TENANT=true. Prior to version 2.51.2, requests that omitted one or both of the x-n8n-url and x-n8n-key headers silently fell back to the process-level credentials (N8N_API_URL / N8N_API_KEY) conf [truncated]
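The fallback pattern described above, shown as an added TypeScript illustration that is not n8n-MCP's own code: a per-request target resolver that fills whichever header is missing from process-level configuration, beside a hardened resolver that refuses such requests in multi-tenant mode. The function names, the `Env` shape and the sample header sets are assumptions made for the example; only the header and environment variable names come from the advisory.

```typescript
// Added illustration, not n8n-MCP's own code. Shows how a per-request
// n8n target resolver can silently fall back to operator credentials in
// multi-tenant mode, and the check that prevents it.

type Headers = Record<string, string | undefined>;

interface N8nTarget {
  url: string;
  key: string;
}

// Assumed shape of the relevant process-level configuration.
interface Env {
  ENABLE_MULTI_TENANT?: string;
  N8N_API_URL?: string;
  N8N_API_KEY?: string;
}

// Vulnerable pattern (the pre-2.51.2 behaviour the advisory describes):
// each missing header is filled from process-level config, so a tenant
// that sends only x-n8n-key, or neither header, has its management calls
// routed to the operator's instance.
export function resolveTargetVulnerable(headers: Headers, env: Env): N8nTarget | null {
  const url = headers['x-n8n-url'] ?? env.N8N_API_URL;
  const key = headers['x-n8n-key'] ?? env.N8N_API_KEY;
  if (!url || !key) return null;
  return { url, key };
}

// Hardened pattern: in multi-tenant mode the request must carry both
// headers and the process-level credentials are never consulted; they
// are used only when multi-tenant mode is off.
export function resolveTargetFixed(headers: Headers, env: Env): N8nTarget | null {
  const multiTenant = env.ENABLE_MULTI_TENANT === 'true';
  const url = headers['x-n8n-url'];
  const key = headers['x-n8n-key'];

  if (multiTenant) {
    // Reject the request instead of falling back. The caller should map
    // a null result to an HTTP 401/400, not retry with other credentials.
    if (!url || !key) return null;
    return { url, key };
  }

  // Single-tenant deployment: the operator's instance is the only target.
  if (!env.N8N_API_URL || !env.N8N_API_KEY) return null;
  return { url: env.N8N_API_URL, key: env.N8N_API_KEY };
}

// Constructed scenario: multi-tenant deployment, tenant sends only a key.
const OPERATOR_ENV: Env = {
  ENABLE_MULTI_TENANT: 'true',
  N8N_API_URL: 'https://operator-n8n.example', // assumed value
  N8N_API_KEY: 'operator-api-key',             // assumed value
};

export function demo(): { vulnerable: N8nTarget | null; fixed: N8nTarget | null } {
  const partialHeaders: Headers = { 'x-n8n-key': 'tenant-key' };
  return {
    vulnerable: resolveTargetVulnerable(partialHeaders, OPERATOR_ENV), // operator URL
    fixed: resolveTargetFixed(partialHeaders, OPERATOR_ENV),           // null
  };
}
```

The important design point is that the hardened resolver treats the two modes as disjoint: multi-tenant requests are never allowed to reach the process-level credentials at all, rather than merely preferring the headers when present.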
A telemetry sanitization defect in n8n-MCP prior to version 2.51.3 could leave URL-shaped node parameters, together with the sensitive material embedded in them such as customer identifiers, short secrets in query strings, and signed request parameters, in the workflow telemetry data sent to the project's anonymous telemetry backend. This was contrary to the documented collection boundary in PRIVACY.md. The issue was fixed in version 2.51.3.
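The class of sanitizer defect described above, as an added TypeScript illustration that is not n8n-MCP's own sanitizer: a key-based redactor that only blanks values stored under well-known secret keys, so a URL stored under a parameter like `url` or `callback` is forwarded verbatim with its path, query string and signature, beside a URL-aware sanitizer that reduces any URL-shaped string to scheme and host before it is sent. The function names, the secret-key list and the sample workflow parameters are assumptions made for the example.

```typescript
// Added illustration, not n8n-MCP's own code. Contrasts a key-only
// telemetry sanitizer with one that also handles URL-shaped values.

type Params = Record<string, unknown>;

// Assumed list of parameter names treated as secrets by key name alone.
const SECRET_KEYS = new Set(['apikey', 'api_key', 'password', 'token', 'secret']);

// Matches URLs anywhere inside a string value (not only whole-value URLs),
// so URLs embedded in expressions or free text are caught as well.
const URL_IN_TEXT = /[a-z][a-z0-9+.-]*:\/\/[^\s"'<>]+/gi;

// Reduce a URL to scheme and host: userinfo, path (customer identifiers),
// query string (short secrets, signatures) and fragment are all dropped.
function stripUrl(raw: string): string {
  try {
    const u = new URL(raw);
    return `${u.protocol}//${u.host}`;
  } catch {
    // URL-shaped but unparseable: do not risk forwarding it at all.
    return '[redacted-url]';
  }
}

function walk(value: unknown, key: string, urlAware: boolean): unknown {
  if (typeof value === 'string') {
    if (SECRET_KEYS.has(key.toLowerCase())) return '[REDACTED]';
    return urlAware ? value.replace(URL_IN_TEXT, (m) => stripUrl(m)) : value;
  }
  if (Array.isArray(value)) return value.map((v) => walk(v, key, urlAware));
  if (value !== null && typeof value === 'object') {
    const out: Params = {};
    for (const [k, v] of Object.entries(value as Params)) out[k] = walk(v, k, urlAware);
    return out;
  }
  return value; // numbers, booleans, null pass through
}

// Defective pattern: secrets are recognised only by key name, so a URL
// under "url" or "callback" reaches telemetry unchanged.
export function sanitizeNaive(params: Params): Params {
  return walk(params, '', false) as Params;
}

// Hardened pattern: key-based redaction plus URL reduction for every
// string, at any nesting depth.
export function sanitizeUrlAware(params: Params): Params {
  return walk(params, '', true) as Params;
}

// Constructed sample node parameters (not real workflow data).
export const SAMPLE_PARAMS: Params = {
  method: 'GET',
  url: 'https://api.example.com/v1/customers/cust_42?token=abc123&sig=deadbeef',
  apiKey: 'k-very-secret',
  options: {
    callback: 'http://user:pw@hooks.example.net:8443/cb?ref=cust_42#frag',
    note: 'Retry against https://fallback.example.org/x?key=shortsecret on 5xx',
  },
};
```

Running `sanitizeNaive(SAMPLE_PARAMS)` blanks `apiKey` but leaves both URLs intact, including the signed query string; `sanitizeUrlAware(SAMPLE_PARAMS)` keeps only `https://api.example.com`, `http://hooks.example.net:8443` and `https://fallback.example.org`, which is the boundary a telemetry sanitizer should enforce before data leaves the process.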