CVE-2026-56775
NixOS 취약성 분석 및 완화

개요

CVE-2026-56775 is an incorrect authorization vulnerability in n8n, a workflow automation platform, affecting the evaluation test-run API endpoints. Three mutating endpoints incorrectly authorize state-changing actions using the workflow:read scope instead of the required workflow:execute scope, allowing authenticated users with only viewer-level access to perform privileged operations. The vulnerability affects n8n versions before 1.123.55, before 2.25.7, and before 2.26.2 (Enterprise/Cloud editions using Advanced Permissions). It was published on July 8, 2026, with a CVSS v3.1 score of 5.4 (Medium) and a CVSS v4.0 score of 5.3 (Medium) (GitHub Advisory, Github Advisory).

기술적 세부 사항

The root cause is classified as CWE-863 (Incorrect Authorization): the evaluation test-run controller in n8n checks the workflow:read OAuth scope to gate three mutating endpoints — starting a new test run, canceling an in-flight run, and deleting run records — rather than enforcing the appropriate workflow:execute scope. This means the authorization logic does not correctly distinguish between read-only and state-changing operations. An attacker must be an authenticated user with the project:viewer role on an n8n Enterprise or Cloud instance that has Advanced Permissions with projects and viewer roles enabled. No special tooling or complex exploitation chain is required beyond valid credentials and direct API calls to the affected endpoints (GitHub Advisory, Github Advisory).

영향

Successful exploitation allows an authenticated viewer-role user to start new evaluation test runs, cancel in-progress runs, and delete run records for workflows they should only be able to read. This results in unauthorized integrity and availability impacts: workflow execution state can be manipulated or disrupted, and historical run data can be permanently deleted. There is no confidentiality impact, and the vulnerability is scoped to the affected n8n instance without evidence of lateral movement potential. The impact is limited to instances with Advanced Permissions (Enterprise/Cloud) where projects and viewer roles are actively in use (GitHub Advisory).

착취 단계

  1. Identify a target instance: Confirm the n8n instance is running an affected version (before 1.123.55, 2.25.7, or 2.26.2) with Advanced Permissions enabled and projects/viewer roles in use.
  2. Obtain viewer credentials: Acquire valid credentials for an account with the project:viewer role on a project containing sensitive workflows (e.g., via a free trial, social engineering, or compromised account).
  3. Authenticate and obtain a session token: Log in to the n8n instance via the API or UI to obtain a valid authentication token.
  4. Identify target workflows: Use the workflow:read-permitted endpoints to enumerate workflows within the project that the viewer account has read access to.
  5. Invoke mutating test-run endpoints: Send authenticated API requests to the evaluation test-run controller endpoints — such as starting a new test run, canceling an in-flight run, or deleting run records — using the viewer session token. The server incorrectly accepts these requests due to the wrong scope check.
  6. Achieve unauthorized state changes: Successfully start, cancel, or delete workflow evaluation runs, disrupting workflow operations or destroying audit/run history (GitHub Advisory).

타협의 징후

  • Logs: n8n application logs showing project:viewer-role users invoking evaluation test-run mutating endpoints (start, cancel, delete) on workflows they do not own or administer; unexpected test run creation, cancellation, or deletion events attributed to viewer accounts.
  • Network: API requests from viewer-role sessions to evaluation test-run controller endpoints that perform state-changing operations (POST/DELETE methods) rather than read-only (GET) operations.
  • Application Behavior: Unexpected disappearance of workflow run records; test runs being started or canceled without action by workflow owners or administrators; audit logs showing run deletions by accounts with only viewer permissions.

완화 및 해결 방법

Upgrade n8n to version 1.123.55, 2.25.7, or 2.26.2 (or later), which contain the fix for this vulnerability. If immediate upgrade is not possible, administrators should restrict project membership to fully trusted users only and avoid granting viewer access to projects containing sensitive workflows; however, these workarounds do not fully remediate the risk. Instances not using Advanced Permissions with projects and viewer roles are not affected and do not require immediate action (GitHub Advisory).

커뮤니티 반응

The vulnerability was credited to reporter YLChen-007 and disclosed by the n8n security team via a GitHub Security Advisory. No significant public commentary, media coverage, or notable researcher reactions have been identified beyond the official advisory at the time of this report (GitHub Advisory).

추가 자료


근원이 보고서는 AI를 사용하여 생성되었습니다.

관련 NixOS 취약점:

CVE ID

심각도

점수

기술

구성 요소 이름

CISA KEV 익스플로잇

수정 사항이 있습니다.

게시된 날짜

CVE-2026-59257MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-59253MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-56778MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-56776MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-56775MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026

무료 취약성 평가

클라우드 보안 태세를 벤치마킹합니다

9개의 보안 도메인에서 클라우드 보안 관행을 평가하여 위험 수준을 벤치마킹하고 방어의 허점을 식별합니다.

평가 요청

추가 Wiz 리소스

맞춤형 데모 받기

맞춤형 데모 신청하기

"내가 본 최고의 사용자 경험은 클라우드 워크로드에 대한 완전한 가시성을 제공합니다."
데이비드 에슬릭최고정보책임자(CISO)
"Wiz는 클라우드 환경에서 무슨 일이 일어나고 있는지 볼 수 있는 단일 창을 제공합니다."
아담 플레처최고 보안 책임자(CSO)
"우리는 Wiz가 무언가를 중요한 것으로 식별하면 실제로 중요하다는 것을 알고 있습니다."
그렉 포니아토프스키위협 및 취약성 관리 책임자