CVE-2026-56775 in n8ninfo

Summary

by MITRE • 07/08/2026

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions (Enterprise/Cloud) with projects and viewer roles, an authenticated user with the project:viewer role can start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they only have read access to.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/08/2026

This authorization vulnerability exists within n8n versions prior to 1.123.55, 2.25.7, and 2.26.2 where three specific mutating evaluation test-run endpoints fail to properly validate user permissions. The flaw stems from the system incorrectly utilizing the workflow:read scope for authorizing state-changing actions instead of employing the appropriate workflow:execute scope that would be required for such operations. This misconfiguration creates a privilege escalation scenario where users with minimal access rights can perform administrative functions on workflows they should not be able to modify.

The technical implementation of this vulnerability allows authenticated users with project:viewer roles to execute unauthorized operations against workflows they only possess read access to. Specifically, these users can initiate new evaluation test runs, cancel ongoing executions, and delete run records from the system's history. The vulnerability operates at the authorization layer where the application fails to properly validate whether the requesting user has sufficient permissions for the specific action being performed. This represents a classic case of insufficient authorization checking as classified under CWE-285, where the system does not adequately verify that users have proper access rights before allowing state-changing operations.

The operational impact of this vulnerability is significant within enterprise environments using advanced permissions and project-based access controls. In n8n's Enterprise/Cloud deployments with projects and viewer roles, malicious or unauthorized users can effectively bypass normal workflow security boundaries. These actions could lead to data integrity issues, disruption of legitimate workflow executions, and potential information disclosure through the deletion of run records that might contain sensitive operational data. The vulnerability essentially allows read-only users to perform write operations against workflows they should not be able to modify, creating a substantial security risk in multi-tenant or collaborative environments.

This authorization weakness aligns with several ATT&CK techniques including privilege escalation and defense evasion. The vulnerability enables an attacker to escalate their privileges from viewer level access to effectively gain execute permissions on workflows through the manipulation of test-run endpoints. Organizations using n8n with advanced permission models should immediately implement mitigations including upgrading to the patched versions, reviewing existing project permissions, and implementing additional monitoring for unauthorized workflow execution activities. The fix requires proper scope validation where workflow:execute permissions are enforced for all mutating actions rather than relying on read-level permissions that do not provide adequate authorization boundaries.

The vulnerability demonstrates a failure in n8n's permission model implementation where the system does not properly enforce role-based access controls for workflow operations. This represents a critical gap in the application's security architecture that allows users to perform state-changing operations without appropriate authorization validation. The issue is particularly concerning in enterprise environments where multiple users with varying levels of access must be properly segregated to maintain data integrity and operational security. Organizations should conduct comprehensive audits of their n8n deployments to identify other potential authorization flaws and ensure proper implementation of least-privilege principles across all workflow operations.

This authorization flaw highlights the importance of proper scope validation in modern application security design and represents a common pattern where developers assume that read permissions should logically include execute capabilities, which is fundamentally incorrect in secure system design. The vulnerability underscores the need for comprehensive security testing including authorization reviews and the implementation of automated tools to detect such permission misconfigurations. Organizations should also consider implementing additional logging and monitoring around workflow execution activities to detect anomalous behavior patterns that might indicate unauthorized access attempts.

Responsible

VulnCheck

Reservation

06/23/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!