Authorization Bypass in n8n Workflow Management
CVE-2026-56776
What is CVE-2026-56776?
An authorization bypass vulnerability exists in n8n prior to specified versions, allowing unauthorized users to execute workflows through the POST /workflows/{workflowId}/test-runs/new endpoint. By misusing the workflow:read scope instead of the intended workflow:execute permission, authenticated users with read-only access can trigger execution of workflows. This can lead to unintended API calls, data mutations, and various side effects that may compromise the integrity and security of connected systems. This issue is particularly concerning for instances utilizing the Evaluations feature, where project roles permit workflow:read access but fail to enforce workflow:execute permissions effectively.
Affected Version(s)
n8n 0 < 1.123.55
n8n 0 < 2.26.2
n8n 0 < 2.25.7
