PatchSiren cyber security CVE debrief
CVE-2026-56775 n8n CVE debrief
The n8n workflow automation tool has an authorization vulnerability in three mutating evaluation test-run endpoints. The vulnerability allows an authenticated user with the project:viewer role to perform state-changing actions on workflows they only have read access to, due to the use of the workflow:read scope instead of the workflow:execute scope. This issue affects n8n instances using Advanced Permissions (Enterprise/Cloud) with projects and viewer roles.
- Vendor
- n8n
- Product
- Unknown
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of n8n versions before 1.123.55, 2.25.7, and 2.26.2 who have Advanced Permissions (Enterprise/Cloud) with projects and viewer roles should be aware of this vulnerability. An authenticated user with the project:viewer role could potentially exploit this vulnerability to start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they only have read access to.
Technical summary
The vulnerability is located in three mutating evaluation test-run endpoints in n8n. These endpoints authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. This incorrect authorization allows an authenticated user with the project:viewer role to perform actions on workflows for which they only have read access. The affected versions are n8n before 1.123.55, 2.25.7, and 2.26.2.
Defensive priority
Medium priority should be given to patching this vulnerability, as it allows for unauthorized actions on workflows. The CVSS score of 5.3 and severity of MEDIUM indicate a moderate risk.
Recommended defensive actions
- Apply patches or updates to n8n to version 1.123.55, 2.25.7, or 2.26.2, or later.
- Review and adjust user roles and permissions in n8n instances using Advanced Permissions (Enterprise/Cloud) with projects and viewer roles.
- Monitor for any suspicious activity related to evaluation test runs in n8n instances.
- Verify that n8n instances are running with the latest security patches and updates.
- Conduct a thorough review of n8n workflow configurations to ensure proper authorization and access controls.
- Implement additional monitoring and logging to detect potential exploitation attempts.
- Review and update incident response plans to include procedures for responding to potential exploitation of this vulnerability.
Evidence notes
The CVE record was published on 2026-07-08T14:17:17.420Z and was last modified on 2026-07-08T19:31:35.683Z. The NVD entry is currently Analyzed. The vulnerability details are based on the information provided by the NVD and other sources.
Official resources
-
CVE-2026-56775 CVE record
CVE.org
-
CVE-2026-56775 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:17.420Z and has not been modified since then. The NVD entry is currently Analyzed.