CVE-2026-56778 in n8ninfo

Summary

by MITRE • 07/08/2026

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to retry executions of that workflow, bypassing the intended permission boundary between read and execute access. This affects instances where workflows are shared with other users or across projects.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

This vulnerability represents a critical authorization bypass in n8n versions prior to 2.25.7 and 2.26.x before 2.26.2, specifically impacting the Public API execution retry endpoint. The flaw stems from an improper access control implementation where the system incorrectly validates permissions using the workflow:read scope instead of the more privileged workflow:execute scope. This misconfiguration creates a significant security gap that allows authenticated users with read-only access to shared workflows to perform actions that should be restricted to users with execute privileges.

The technical implementation of this vulnerability occurs within the Public API endpoint responsible for retrying workflow executions. When a user attempts to retry an execution through this endpoint, the system performs authorization checks but fails to properly verify that the requesting user possesses the necessary execute permissions. This error in privilege validation directly violates fundamental security principles and creates a path for unauthorized escalation of privileges. The flaw specifically affects instances where workflows are shared across users or projects, making it particularly dangerous in collaborative environments where different permission levels exist.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it fundamentally undermines the security model of workflow sharing within n8n. An attacker with read-only access to a shared workflow can essentially gain execute capabilities through the retry endpoint, potentially leading to unauthorized automation execution and data manipulation. This bypass affects organizations that rely on granular permission controls to manage workflow access, as it allows users to perform actions they should not be authorized to execute. The vulnerability is particularly concerning in enterprise environments where workflows may contain sensitive business processes or access critical systems.

Organizations affected by this vulnerability should immediately update to n8n version 2.25.7 or 2.26.2, whichever applies to their current installation. System administrators should also review existing workflow sharing configurations and implement additional monitoring for retry operations through the Public API endpoint. The vulnerability aligns with CWE-284 which addresses improper access control in software systems, and represents a specific instance of inadequate authorization checks that could be exploited using techniques similar to those documented in ATT&CK matrix tactic TA0004 (Privilege Escalation) and technique T1078 (Valid Accounts). Security teams should also consider implementing network-level restrictions on Public API endpoints and conducting thorough access control reviews to identify potential additional unauthorized access paths.

Responsible

VulnCheck

Reservation

06/23/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!