n8n Unauthenticated Denial of Service via MCP Client Registration
n8n is vulnerable to an unauthenticated denial of service (DoS) because the MCP OAuth client registration endpoint lacks resource controls: an attacker can exhaust server memory by sending large registration payloads, making the service unavailable. The issue is resolved in versions 1.123.32, 2.17.4, and 2.18.1 and is tracked as CVE-2026-42236.
n8n, a workflow automation platform, is susceptible to a denial-of-service (DoS) vulnerability due to insufficient resource controls on the MCP OAuth client registration endpoint. This vulnerability, identified as CVE-2026-42236, allows an unauthenticated remote attacker to send large registration payloads to the server, potentially exhausting server memory resources. Even if the MCP is disabled via the enable/disable toggle, client registrations are still possible. The attack results in the n8n instance becoming unavailable, disrupting normal operations. The vulnerability affects n8n versions before 1.123.32, versions 2.0.0 to 2.17.4, and versions 2.18.0 to 2.18.1. Patches are available in n8n versions 1.123.32, 2.17.4, and 2.18.1 to address this issue by implementing an upper bound on registered clients and disabling client creation when MCP is disabled.
Attack Chain
- The attacker identifies an n8n instance running a vulnerable version (e.g., < 1.123.32, 2.0.0 < x < 2.17.4, or 2.18.0 < x < 2.18.1).
- The attacker sends an unauthenticated HTTP POST request to the MCP OAuth client registration endpoint. The exact URI path for this endpoint is not specified in the advisory, but it is related to MCP OAuth client registration.
- The POST request contains a large payload designed to consume significant server memory during processing.
- The n8n instance processes the registration request without proper resource limitations or input validation on the payload size.
- The server allocates memory to handle the large payload, potentially leading to memory exhaustion.
- The attacker sends multiple such requests in rapid succession, exacerbating the memory exhaustion issue.
- The n8n instance becomes unresponsive due to memory starvation, resulting in a denial of service.
- Legitimate users are unable to access or use the n8n platform.
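The resource controls the advisory attributes to the fix (an upper bound on registered clients and no client creation while MCP is disabled), plus a per-request body limit, can be modelled as a small framework-agnostic gate. The following is an added example and is not n8n's own code; the class, function names, status codes and the limit values are assumptions chosen for illustration, and the unbounded variant is shown only to contrast the two behaviours.

```python
"""Added example (not n8n's code): the registration path with and without
resource controls. Limits, names and status codes are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

MAX_REGISTERED_CLIENTS = 100       # assumed upper bound on stored clients
MAX_REGISTRATION_BYTES = 8 * 1024  # assumed per-request body limit


@dataclass
class UnboundedRegistry:
    """Pattern the advisory describes: every payload is buffered and stored."""
    clients: Dict[str, dict] = field(default_factory=dict)

    def register(self, client_id: str, body: bytes) -> Tuple[int, str]:
        self.clients[client_id] = {"size": len(body)}  # grows without limit
        return 201, "registered"


@dataclass
class BoundedRegistry:
    """Hardened variant: three independent checks, each of which alone
    would stop the unbounded growth described in the attack chain."""
    mcp_enabled: bool = True
    clients: Dict[str, dict] = field(default_factory=dict)

    def register(self, client_id: str, body: bytes) -> Tuple[int, str]:
        # Control 1: refuse registrations entirely while MCP is switched off
        if not self.mcp_enabled:
            return 404, "MCP is disabled; client registration unavailable"
        # Control 2: bound the bytes the server will hold for one request
        if len(body) > MAX_REGISTRATION_BYTES:
            return 413, "registration payload too large"
        # Control 3: bound the number of clients kept in memory
        if client_id not in self.clients and len(self.clients) >= MAX_REGISTERED_CLIENTS:
            return 429, "client registry is full"
        self.clients[client_id] = {"size": len(body)}
        return 201, "registered"


def memory_held(registry) -> int:
    """Bytes the registry would retain for its stored payloads."""
    return sum(c["size"] for c in registry.clients.values())


if __name__ == "__main__":
    big = b"A" * (1024 * 1024)  # constructed 1 MiB payload
    loose, strict = UnboundedRegistry(), BoundedRegistry()
    for i in range(200):
        loose.register(f"c{i}", big)
        strict.register(f"c{i}", big)
    print("unbounded holds", memory_held(loose), "bytes")  # 200 MiB
    print("bounded holds", memory_held(strict), "bytes")   # 0 bytes
```

Control 2 is the same idea as lowering N8N_PAYLOAD_SIZE_MAX in the workaround, applied at the endpoint rather than globally; controls 1 and 3 correspond to the two changes the advisory says the patched versions introduce.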
Impact
Successful exploitation of this vulnerability leads to a denial-of-service condition, rendering the n8n instance unavailable to legitimate users. The advisory does not specify the number of victims or sectors targeted. However, any organization using a vulnerable version of n8n is at risk. If the attack succeeds, critical workflow automation processes managed by n8n will be interrupted, potentially leading to business disruptions and data loss.
Recommendation
- Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1, or later to remediate the vulnerability as mentioned in the Patches section.
- If upgrading is not immediately possible, restrict network access to the n8n instance to prevent requests from untrusted sources, as outlined in the Workarounds section.
- If upgrading is not immediately possible, reduce the maximum accepted payload size by lowering the N8N_PAYLOAD_SIZE_MAX environment variable, as described in the Workarounds section.
- Monitor web server logs for unusual POST requests to the MCP OAuth client registration endpoint (path not specified in the advisory) that may indicate exploitation attempts, and create detection rules for this activity on web server logs.
Detection coverage (2 rules)
Detect Large POST Requests to MCP Client Registration Endpoint
Severity: high. Detects potentially malicious large POST requests to the MCP OAuth client registration endpoint, which could indicate a denial-of-service attack attempt against n8n.
Detect Excessive Requests to MCP Client Registration Endpoint
Severity: high. Detects a high volume of requests to the MCP client registration endpoint from the same source IP, potentially indicating a DoS attack.
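Both detection rules above, and the log-monitoring recommendation, can be run over web server access logs. The following is an added example, not the platform's own detection queries: it parses constructed nginx-style lines that carry the request length as a trailing field (the standard combined format only records response bytes, so a custom log format is assumed), flags large POST bodies to the registration endpoint, and flags any source IP that exceeds a request count within a sliding window. The endpoint path is a placeholder because the advisory does not specify it, and the thresholds are assumptions.

```python
"""Added example (not n8n's or the advisory's code): the two detection
rules over constructed access-log lines. Path and thresholds are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

REGISTRATION_PATH = "/mcp-oauth/register"  # PLACEHOLDER: real path not given
LARGE_BODY_BYTES = 64 * 1024   # assumed: bodies above this are "large"
RATE_LIMIT = 5                 # assumed: more than this per window is excessive
WINDOW = timedelta(seconds=60)

# nginx-style line with $request_length appended as the final field (assumed format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<resp_bytes>\d+|-) (?P<req_len>\d+)$'
)

# Constructed sample: one oversized registration, then a burst from the same
# IP, plus benign traffic from other addresses.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2026:12:00:01 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 1048576',
    '203.0.113.5 - - [10/Apr/2026:12:00:05 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 310',
    '203.0.113.5 - - [10/Apr/2026:12:00:10 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 310',
    '203.0.113.5 - - [10/Apr/2026:12:00:15 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 310',
    '203.0.113.5 - - [10/Apr/2026:12:00:20 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 310',
    '203.0.113.5 - - [10/Apr/2026:12:00:25 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 310',
    '203.0.113.5 - - [10/Apr/2026:12:00:30 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 310',
    '203.0.113.5 - - [10/Apr/2026:12:00:31 +0000] "GET /healthz HTTP/1.1" 200 2 80',
    '198.51.100.7 - - [10/Apr/2026:12:00:40 +0000] "POST /mcp-oauth/register HTTP/1.1" 201 512 295',
    'this line is not an access-log entry and must be skipped',
]


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
        "req_len": int(m["req_len"]),
    }


def large_post_alerts(events):
    """Rule 1: POST to the registration endpoint with an oversized body."""
    return [e for e in events
            if e["method"] == "POST" and e["path"] == REGISTRATION_PATH
            and e["req_len"] > LARGE_BODY_BYTES]


def excessive_rate_alerts(events):
    """Rule 2: per source IP, peak request count to the endpoint in any WINDOW."""
    by_ip = defaultdict(list)
    for e in events:
        if e["path"] == REGISTRATION_PATH:
            by_ip[e["ip"]].append(e["ts"])
    alerts = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):          # sliding window over timestamps
            while t - stamps[start] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > RATE_LIMIT:
            alerts[ip] = peak
    return alerts


def analyse(lines):
    events = [e for e in map(parse_line, lines) if e is not None]
    return {"large_posts": large_post_alerts(events),
            "excessive_rate": excessive_rate_alerts(events)}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for e in result["large_posts"]:
        print(f"LARGE POST {e['req_len']} bytes from {e['ip']} at {e['ts']}")
    for ip, n in result["excessive_rate"].items():
        print(f"EXCESSIVE RATE {n} registrations in {WINDOW} from {ip}")
```

Once the real endpoint path is known, replacing REGISTRATION_PATH is the only change needed; the rate rule counts every method to the endpoint, since a flood of malformed requests is as useful to watch as a flood of well-formed ones.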