CVE-2026-56778
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes acc
CVSS
6.4
Medium
EPSS
0.2%
p7
KEV
—
Exploit Today
2
0-100
Published: Jul 8, 2026 · Last modified: Jul 8, 2026 · CWE-863
0.2%EPSS · 30 days0.2%
2026-07-092026-07-17
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to retry executions of that workflow, bypassing the intended permission boundary between read and execute access. This affects instances where workflows are shared with other users or across projects.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-350298.8 HIG97.8%
——29LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0.3dCVE-2026-479967.6 HIG96.9%
——29Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.2dCVE-2025-324622.8 LOW86.9%
——26Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.3dCVE-2021-289367.5 HIG78.8%
——24The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.9dCVE-2021-406397.5 HIG64.4%
——19Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.9dCVE-2022-366348.8 HIG59.5%
——18An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.9d