{"data":{"id":"5a27a0c3-a89b-402b-8150-50ca6987d1c5","title":"GHSA-664h-gpgq-h6xx: n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints","summary":"n8n had a security flaw where three endpoints that change data in workflow test runs used the wrong permission scope (workflow:read instead of workflow:execute), allowing users with read-only access to start, cancel, and delete test runs they shouldn't be able to modify. This only affected enterprise versions with Advanced Permissions enabled.","solution":"Upgrade to the fixed release for your version line: n8n 1.123.55, 2.25.7, or 2.26.2, or any later version. If an immediate upgrade is not possible, temporary workarounds are to restrict project membership to fully trusted users only, or to avoid granting viewer access to projects containing sensitive workflows; these workarounds do not fully remediate the risk.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-664h-gpgq-h6xx","publishedAt":"2026-06-17T13:55:59.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0-rc.0, < 2.25.7 (fixed: 2.25.7)","n8n@>= 2.26.0, < 2.26.2 (fixed: 2.26.2)","n8n@< 1.123.55 (fixed: 1.123.55)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-17T13:55:59.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}