CVE-2026-42230 Overview
CVE-2026-42230 is an open redirect vulnerability in n8n, an open source workflow automation platform. The flaw resides in the /mcp-oauth/register endpoint, which accepts OAuth client registrations without authentication. Attackers can register arbitrary redirect_uri values and craft phishing links that abuse the MCP OAuth consent dialog. When a victim clicks "Deny" on the consent page, the handleDeny handler redirects them to the attacker-controlled URL without validation. The issue affects n8n versions prior to 1.123.32, 2.17.4, and 2.18.1, and is tracked under CWE-601 (URL Redirection to Untrusted Site).
Critical Impact
Attackers can leverage trusted n8n domains to redirect victims to phishing or malware-hosting sites, increasing the success rate of credential theft and social engineering campaigns.
Affected Products
- n8n versions prior to 1.123.32
- n8n versions prior to 2.17.4
- n8n version 2.18.0 (fixed in 2.18.1)
Discovery Timeline
- 2026-05-04 - CVE-2026-42230 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-42230
Vulnerability Analysis
The vulnerability exists in the Model Context Protocol (MCP) OAuth registration flow within n8n. The /mcp-oauth/register endpoint exposes OAuth Dynamic Client Registration without requiring authentication or validating the client-supplied redirect_uri. This allows any unauthenticated network attacker to register a malicious OAuth client with an arbitrary external redirect target.
During the consent flow, n8n presents users with an OAuth approval dialog. When the user clicks "Deny", the handleDeny handler issues an HTTP redirect to the previously registered redirect_uri. Because no allow-list validation occurs at registration time or at redirect time, the browser is sent to the attacker's domain while still appearing to originate from the trusted n8n instance.
Root Cause
The root cause is missing input validation on the redirect_uri parameter combined with an unauthenticated registration endpoint. The deny path trusts data supplied during client registration without verifying it against an allow-list of approved hosts or schemes.
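The missing check described above, as an added example written for this page rather than taken from n8n's code: an allow-list validator for redirect_uri next to the unsafe and hardened shapes of a deny handler. The function names, the allow-list contents and the fallback path are assumptions.

```typescript
// Added example modelled on the CVE-2026-42230 deny-path fix; not n8n's own code.
// Hosts this deployment is willing to send browsers back to (constructed sample).
const ALLOWED_REDIRECT_HOSTS: ReadonlySet<string> = new Set([
  "client.example.com",
  "localhost",
  "127.0.0.1",
]);

// Assumed local fallback used when a registered redirect_uri cannot be trusted.
const SAFE_DENY_TARGET = "/mcp-oauth/denied";

/**
 * True when the target is acceptable for an OAuth redirect: an absolute https URL
 * (plain http only for loopback), host on the allow-list, no embedded credentials
 * and no fragment (RFC 6749 section 3.1.2 forbids fragments in redirect URIs).
 */
function isAllowedRedirectUri(
  raw: string,
  allowedHosts: ReadonlySet<string> = ALLOWED_REDIRECT_HOSTS,
): boolean {
  let url: URL;
  try {
    url = new URL(raw); // relative or malformed values throw here
  } catch {
    return false;
  }
  const loopback = url.hostname === "localhost" || url.hostname === "127.0.0.1";
  if (url.protocol !== "https:" && !(url.protocol === "http:" && loopback)) return false;
  if (url.username !== "" || url.password !== "") return false;
  if (url.hash !== "") return false;
  return allowedHosts.has(url.hostname);
}

// Vulnerable shape of the deny path: trusts whatever was stored at registration.
function handleDenyUnsafe(registeredRedirectUri: string): string {
  return registeredRedirectUri;
}

// Hardened deny path: only a validated redirect_uri is used as the redirect
// target; otherwise the browser stays on a local page and never leaves the origin.
function handleDenySafe(registeredRedirectUri: string): string {
  if (!isAllowedRedirectUri(registeredRedirectUri)) return SAFE_DENY_TARGET;
  const url = new URL(registeredRedirectUri);
  url.searchParams.set("error", "access_denied");
  return url.toString();
}
```

The same validator belongs at registration time as well, so that a bad redirect_uri is rejected before it is ever stored.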
Attack Vector
An attacker performs the following steps. First, they send an unauthenticated POST request to /mcp-oauth/register with a redirect_uri pointing to their controlled domain. Second, they craft a phishing URL containing the MCP OAuth consent flow with the malicious client_id. Third, they deliver the link to a victim through email or chat. When the victim opens the link and clicks "Deny" thinking they are rejecting the request, the n8n server redirects them to the external attacker site, which can host credential phishing pages or drive-by downloads.
No verified exploitation code is publicly available. See the GitHub Security Advisory GHSA-f6x8-65q6-j9m9 for technical details.
Detection Methods for CVE-2026-42230
Indicators of Compromise
- HTTP POST requests to /mcp-oauth/register originating from unauthenticated or unexpected source IPs.
- OAuth client registrations containing redirect_uri values pointing to domains outside the organization's trusted list.
- HTTP 302 responses from the n8n consent flow targeting external, non-corporate domains.
Detection Strategies
- Inspect web server access logs for traffic to /mcp-oauth/register and correlate with subsequent consent denials that issue cross-origin redirects.
- Audit the n8n MCP OAuth client registry for entries with suspicious or unfamiliar redirect_uri hostnames.
- Monitor user reports of unexpected browser redirects originating from internal n8n URLs.
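The first two detection strategies above, as an added example not taken from the page or from n8n: a scanner over reverse-proxy access log lines that flags registration POSTs and cross-origin redirects from the MCP OAuth paths. The log format (a trailing Location field), the instance origin and the consent path in the sample are constructed assumptions.

```typescript
// Added example: scan access log lines for CVE-2026-42230 indicators. Assumes a
// constructed log format: ip "METHOD path" status bytes location ("-" if none).
const N8N_ORIGIN = "https://n8n.example.com"; // assumed internal n8n instance

// Constructed sample lines; "/mcp-oauth/consent" is a placeholder consent path.
const SAMPLE_LOG = `
203.0.113.7 "POST /mcp-oauth/register" 201 184 -
10.0.0.5 "GET /rest/workflows" 200 923 -
10.0.0.9 "POST /mcp-oauth/consent" 302 0 https://evil.example.net/phish?error=access_denied
10.0.0.9 "POST /mcp-oauth/consent" 302 0 https://n8n.example.com/signin
`.trim();

interface AccessEntry { ip: string; method: string; path: string; status: number; location: string; }

const LINE_RE = /^(\S+) "(\w+) (\S+)" (\d{3}) \d+ (\S+)$/;

function parseLine(line: string): AccessEntry | null {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], method: m[2], path: m[3], status: Number(m[4]), location: m[5] };
}

// A redirect is external when Location is absolute and its origin differs from n8n's.
function isExternalRedirect(entry: AccessEntry): boolean {
  if (entry.status < 300 || entry.status > 399 || entry.location === "-") return false;
  try { return new URL(entry.location).origin !== N8N_ORIGIN; } catch { return false; }
}

interface Finding { kind: "registration" | "external_redirect"; ip: string; detail: string; }

// Flags every POST to the registration endpoint and every 3xx from an
// /mcp-oauth/ path whose Location leaves the n8n origin.
function scanAccessLog(text: string): Finding[] {
  const findings: Finding[] = [];
  for (const line of text.split("\n")) {
    const e = parseLine(line.trim());
    if (!e) continue;
    if (e.method === "POST" && e.path === "/mcp-oauth/register") {
      findings.push({ kind: "registration", ip: e.ip, detail: `status ${e.status}` });
    } else if (e.path.startsWith("/mcp-oauth/") && isExternalRedirect(e)) {
      findings.push({ kind: "external_redirect", ip: e.ip, detail: e.location });
    }
  }
  return findings;
}
```

Registration findings from addresses outside the expected client population, or any external_redirect finding at all, are worth a ticket; a redirect back to the n8n origin itself is not flagged.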
Monitoring Recommendations
- Forward n8n application logs to a centralized SIEM and alert on registration events from unauthenticated principals.
- Track outbound redirects from n8n hosts to flag spikes in traffic to newly registered or low-reputation domains.
- Enable URL reputation checks at the secure web gateway to block redirects to known phishing infrastructure.
How to Mitigate CVE-2026-42230
Immediate Actions Required
- Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1 depending on the deployed release branch.
- Review and purge any unauthorized entries from the MCP OAuth client registration store.
- Restrict network access to the n8n management interface to trusted users and networks until patching is complete.
Patch Information
n8n has released fixed builds in versions 1.123.32, 2.17.4, and 2.18.1. The patches add authentication enforcement and redirect_uri validation on the MCP OAuth registration and deny flows. Patch details are documented in the n8n GitHub Security Advisory.
Workarounds
- Block external access to the /mcp-oauth/register endpoint at a reverse proxy or web application firewall until the upgrade can be applied.
- Disable the MCP OAuth feature in n8n configurations where it is not in use.
- Educate users to verify the destination URL before submitting credentials after any OAuth consent interaction.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.