Product
A critical cross-tenant access vulnerability exists in n8n-mcp versions up to 2.56.0, specifically in multi-tenant HTTP deployments. An authenticated tenant can read, delete, or destroy workflow version backups belonging to other tenants due to insufficient isolation of locally stored version history. This exposure includes sensitive data such as credential references and authorization headers embedded in node definitions, posing both a confidentiality and integrity/availability risk.