CVE-2026-56775
Undergoing Analysis Undergoing Analysis - In Progress

Authorization Bypass in n8n Workflow Evaluation

Vulnerability report for CVE-2026-56775, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: VulnCheck

Description

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions (Enterprise/Cloud) with projects and viewer roles, an authenticated user with the project:viewer role can start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they only have read access to.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.55 (exc)
n8n n8n to 2.25.7 (exc)
n8n n8n to 2.26.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact or implications of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in n8n versions before 1.123.55, 2.25.7, and 2.26.2, where three mutating evaluation test-run endpoints incorrectly use the workflow:read OAuth scope instead of the required workflow:execute scope to authorize state-changing actions.

As a result, an authenticated user with the project:viewer role, which normally only grants read access, can start new evaluation test runs, cancel ongoing runs, and delete run records for workflows they should only be able to view.

Impact Analysis

This vulnerability allows users with limited read-only permissions (project:viewer role) to perform unauthorized state-changing actions such as starting, canceling, or deleting evaluation test runs on workflows they only have read access to.

The impact includes moderate integrity and availability risks because unauthorized users can alter or disrupt workflow evaluation runs, potentially affecting system operations or data related to those workflows.

The vulnerability requires low privileges and no user interaction to exploit, making it easier for attackers within the system to misuse these permissions.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade n8n to versions 1.123.55, 2.25.7, or 2.26.2 or later, where the issue has been patched.

As a temporary mitigation, restrict project membership to trusted users and avoid granting the project:viewer role to users who should not have the ability to start, cancel, or delete evaluation test runs, especially on sensitive workflows. However, these mitigations do not fully resolve the risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56775. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart