N8n Mcp

Name: N8n Mcp
Author: czlonkowski

n8n-mcp · by czlonkowski

A MCP for Claude Desktop / Claude Code / Windsurf / Cursor to build n8n workflows for you

21.1k 109.8k/wk 10 tools GitHub npm

No known CVEs

MIT license

Actively maintained

Last commit 4d ago

Works with most clients

Transport: stdio, sse, http

10 tools · ~778 tok

Grade B · 0.4% of 200K ctx

Edit this pageView history

Productivity Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "n8n-mcp": {
      "env": {
        "MCP_MODE": "stdio",
        "LOG_LEVEL": "error",
        "DISABLE_CONSOLE_OUTPUT": "true"
      },
      "args": [
        "n8n-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/n8n-mcp)](https://mcppedia.org/s/n8n-mcp)

Required API Keys

MCP_MODEMCP Mode (required)

Must be set to "stdio" — without this, Claude Desktop will fail with JSON parsing errors.

N8N_API_KEYn8n API Key (optional)

Go to your n8n instance → Settings → API → Create API Key

N8N_API_URLn8n Instance URL (optional)

Your n8n instance URL, e.g. https://your-n8n.com. Only needed for workflow management features.

Read me

What N8n Mcp does

A Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Deploy in minutes to give Claude and other AI assistants deep knowledge about n8n's 1,396 workflow automation nodes (812 core + 584 community).

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

89/100across 5 weighted dimensions

How we score →

0255075100

−11

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

10 fixed

CVE-2026-45707low · fixedCVSS 3.1

n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

## Summary When `ENABLE_MULTI_TENANT=true`, the HTTP transport documents that the target n8n instance is selected per-request from `x-n8n-url` / `x-n8n-key` headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level `N8N_API_URL` / `N8N_API_KEY` credentials configured for the operator's own n8n instance. As a result, an authenticated MCP tenant could cause n8n management calls to execute against the operator's instance instead of its ow

Affected: >= 0Fixed in 2.51.2source →

CVE-2026-45582low · fixedCVSS 3.1

n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

## Summary In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in `PRIVACY.md`. ## Impact

Affected: >= 0Fixed in 2.51.3source →

GHSA-8g7g-hmwm-6rv2low · fixedCVSS 3.1

n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure

## Impact `n8n-mcp` versions before 2.50.1 contained three independently-reported issues affecting deployments that run the n8n API integration: 1. **Caller-supplied identifiers were not validated before being used as URL path segments** by the n8n API client. An authenticated MCP caller passing a crafted workflow id could cause outbound requests carrying the configured n8n API key to land on other same-origin endpoints, bypassing handler-level access controls (including `DISABLED_TOOLS`). 2.

Affected: >= 0Fixed in 2.50.1source →

CVE-2026-44694medium · fixedCVSS 4

n8n-mcp webhook and API client paths has an authenticated SSRF

### Summary Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client (`N8N_API_URL`), and per-request URLs supplied via the `x-n8n-url` header in multi-tenant HTTP mode. ### Impact A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to internal services and cloud metadata endpoints that the SSRF gate is meant to block. The response body is returned to the caller, making internal-service enumeration and credential theft

Affected: >= 2.18.7Fixed in 2.50.2source →

CVE-2026-42449low · fixedCVSS 3.1

n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

### Impact In the SDK embedder path (`N8NDocumentationMCPServer` constructor, `getN8nApiClient()`, and `validateInstanceContext()`), the synchronous URL validator in `SSRFProtection.validateUrlSync()` had no IPv6 checks. IPv4-mapped IPv6 addresses such as `http://[::ffff:169.254.169.254]` bypassed the cloud-metadata, localhost, and private-IP range checks. An attacker able to supply an `n8nApiUrl` value could cause the server to issue HTTP requests to cloud metadata endpoints (AWS IMDS, GCP, Az

Affected: >= 2.47.4Fixed in 2.47.14source →

Inventory

Tools (10)

Click any tool to inspect its schema.

~778 tokens total

Inventory

Resources (3)

node_database

Pre-built database with all 1,396 n8n nodes and their properties

n8n-mcp://nodes

template_library

2,709 workflow templates with 100% metadata coverage

n8n-mcp://templates

documentation

87% coverage of official n8n documentation including AI nodes

n8n-mcp://docs

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is N8n Mcp safe to use?: N8n Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install N8n Mcp?: N8n Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can N8n Mcp do?: N8n Mcp provides 10 tools: search_nodes, get_node_documentation, get_node_properties, get_node_operations, search_templates and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with N8n Mcp?: N8n Mcp is compatible with claude-desktop, cursor, claude-code, windsurf. It uses stdio and sse and http transport.
Is N8n Mcp actively maintained?: N8n Mcp is actively maintained — last commit was 4 days ago. It has 21,058 GitHub stars.

Similar servers

Others in productivity / developer-tools

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.6k 1

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.6k 2

MCP Security Weekly

Get CVE alerts and security updates for N8n Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

{ "mcpServers": { "n8n-mcp": { "env": { "MCP_MODE": "stdio", "LOG_LEVEL": "error", "DISABLE_CONSOLE_OUTPUT": "true" }, "args": [ "n8n-mcp" ], "command": "npx" } } }

Frequently Asked Questions

Is N8n Mcp safe to use?

N8n Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install N8n Mcp?

N8n Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can N8n Mcp do?

N8n Mcp provides 10 tools: search_nodes, get_node_documentation, get_node_properties, get_node_operations, search_templates and 5 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with N8n Mcp?

N8n Mcp is compatible with claude-desktop, cursor, claude-code, windsurf. It uses stdio and sse and http transport.

Is N8n Mcp actively maintained?

N8n Mcp is actively maintained — last commit was 4 days ago. It has 21,058 GitHub stars.