CYBERHAWK / CVE / CVE-2026-42235

CVE-2026-42235

n8n

CRITICAL CVSS 9.6 vibe ai

The flaw

XSS in MCP OAuth client registration allows session hijacking.

Update n8n to 1.123.32, 2.17.4, or 2.18.1

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-05-08 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits