CVSS 10.0 CRITICAL Vulnerability

CVE-2026-54309: n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions


CVSS Score: 10.0
Severity: CRITICAL
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-54309
Vendor: npm
Affected Product: n8n
Vulnerability Type: Vulnerability
CVSS Score: 10.0 (CRITICAL)
Actively Exploited: No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Impact

When @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). The default transport is stdio, which is not affected.

Patches

The issue has been fixed in n8n versions 2.25.7, a

📚 Advisory References

