Improper Authorization in n8n - #VU134572

 


Published: June 16, 2026


Vulnerability identifier: #VU134572
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: n8n
Affected software:
n8n

Detailed vulnerability description

The vulnerability allows a remote user to bypass authorization checks and retry workflow executions.

The vulnerability exists due to improper access control in the Public API execution retry endpoint when it handles retry requests for shared workflows. A remote user who has only read access to a shared workflow can send a retry execution request for it, bypassing authorization checks and retrying workflow executions.

This issue affects instances where workflows are shared with other users or across projects.
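A minimal model of the class of flaw described above (CWE-285 on a retry endpoint), shown beside a corrected check. This is an added example, not n8n's code: the role names, scope names, data shapes and function names are all assumptions made for illustration.

```javascript
// Added illustration; roles, scopes and data shapes are hypothetical, not n8n's.
const ROLE_SCOPES = {
  viewer: new Set(["workflow:read"]),
  editor: new Set(["workflow:read", "workflow:execute"]),
};

// Constructed sample data: one workflow shared with two users.
const shares = [
  { workflowId: "wf1", userId: "alice", role: "editor" },
  { workflowId: "wf1", userId: "bob", role: "viewer" },
];
const executions = [{ id: "ex1", workflowId: "wf1", status: "error" }];

function scopesFor(userId, workflowId) {
  const share = shares.find((s) => s.userId === userId && s.workflowId === workflowId);
  return share ? ROLE_SCOPES[share.role] : new Set();
}

// Flawed pattern: the retry handler reuses the check that guards *reading* an execution.
function retryFlawed(userId, executionId) {
  const ex = executions.find((e) => e.id === executionId);
  if (!ex || !scopesFor(userId, ex.workflowId).has("workflow:read")) {
    return { status: 404 };
  }
  return { status: 200, retried: ex.id };
}

// Corrected pattern: a retry runs the workflow again, so it needs the execute scope.
function retryChecked(userId, executionId) {
  const ex = executions.find((e) => e.id === executionId);
  const scopes = ex ? scopesFor(userId, ex.workflowId) : new Set();
  if (!ex || !scopes.has("workflow:read")) return { status: 404 }; // do not reveal existence
  if (!scopes.has("workflow:execute")) return { status: 403 };
  return { status: 200, retried: ex.id };
}

// Regression matrix: response status per user for the same retry request.
// "mallory" has no share on the workflow at all.
function statusMatrix(handler) {
  const users = ["alice", "bob", "mallory"];
  return Object.fromEntries(users.map((u) => [u, handler(u, "ex1").status]));
}
```

A per-role status matrix like `statusMatrix` is a useful regression test after applying the vendor update: every state-changing endpoint on a shared workflow should deny the read-only role.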


Remediation

Install the security update from the vendor's website.

Sources