PatchSiren cyber security CVE debrief
CVE-2026-56778 n8n CVE debrief
CVE-2026-56778 is an authorization bypass vulnerability in the n8n workflow automation tool. The vulnerability affects n8n versions before 2.25.7 and 2.26.x before 2.26.2. An authenticated user with read-only access to a shared workflow can use the Public API to retry executions of that workflow, bypassing the intended permission boundary between read and execute access. This vulnerability allows for unauthorized execution of workflows by users with read-only access, potentially leading to unintended changes in the workflow executions.
- Vendor
- n8n
- Product
- Unknown
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of n8n workflow automation tool, especially those who have shared workflows with other users or across projects, should be aware of this vulnerability. This vulnerability allows an authenticated user with read-only access to a shared workflow to retry executions of that workflow using the Public API, potentially bypassing intended permission boundaries. Therefore, it is crucial for administrators and users of n8n to assess their exposure and take necessary actions to mitigate this vulnerability.
Technical summary
The vulnerability is caused by the Public API execution retry endpoint authorizing access using the workflow:read scope instead of workflow:execute. This allows an authenticated user with read-only access to a shared workflow to retry executions of that workflow, effectively bypassing the intended permission boundary between read and execute access. The affected versions of n8n are before 2.25.7 and 2.26.x before 2.26.2.
Defensive priority
Medium priority should be given to patching this vulnerability, as it allows for unauthorized execution of workflows by users with read-only access. However, the actual priority may vary depending on the specific use case and exposure of the affected systems.
Recommended defensive actions
- Patch n8n to version 2.25.7 or later, or 2.26.2 or later.
- Review and restrict access to the Public API execution retry endpoint.
- Monitor for suspicious activity related to workflow executions.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-08T14:17:17.683Z and has not been modified since then. The NVD entry is currently Analyzed. This information is based on the CVE record and NVD entry. However, the details about the vulnerability, such as its impact and affected versions, should be verified with the vendor or through additional sources for comprehensive understanding.
Official resources
-
CVE-2026-56778 CVE record
CVE.org
-
CVE-2026-56778 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:17.683Z and has not been modified since then. The NVD entry is currently Analyzed.