Main Vulnerability Database Vulnerabilities #VU134563

Improper access control in n8n - #VU134563

Published: June 16, 2026

Vulnerability identifier: #VU134563

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: n8n

Affected software:
n8n

Detailed vulnerability description

The vulnerability allows a remote user to trigger workflow execution and cause unintended side effects in downstream systems.

The vulnerability exists due to improper access control in the POST /workflows/{workflowId}/test-runs/new endpoint when handling requests to create evaluation test runs. A remote user can send a request to create a new test run for a workflow with read-only access to trigger workflow execution and cause unintended side effects in downstream systems.

Only instances using the Evaluations feature are affected.

Remediation

Install security update from vendor's website.

Sources

https://github.com/n8n-io/n8n/security/advisories/GHSA-hv7x-3x78-gx53

Improper access control in n8n - #VU134563

Detailed vulnerability description

Remediation

Sources

Please verify you're human