js · n8n
Heads-up
n8n Public API Retry Execution Authorization Bypass
What changed
The Public API endpoint for retrying executions checked the `workflow:read` scope instead of `workflow:execute`, so a user with only read access to a shared workflow could retry its executions and thereby re-run the workflow.
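An added example, not n8n's own code, that models the scope mismatch described above: a route-to-scope table with the weak mapping beside the corrected one, plus a table-wide check that flags any run-type route gated on a weaker scope. Only the scope names `workflow:read` and `workflow:execute` come from the advisory; the route paths and the sample scope sets are constructed.

```javascript
// Added example (not n8n's code): a minimal model of the scope check behind the
// Public API "retry execution" route, with the weak mapping beside the fixed one.
// Only the scope names workflow:read / workflow:execute come from the advisory;
// the route paths and the sample scope sets below are constructed.

// Scopes a caller holds on a shared workflow. A read-only share grants
// workflow:read but not workflow:execute.
const SCOPE_SETS = {
  owner: new Set(['workflow:read', 'workflow:execute']),
  readonly: new Set(['workflow:read']),
};

// Route -> scope required to call it. The vulnerable table gates the retry
// route on workflow:read; retrying re-runs the workflow, so it must require
// workflow:execute, which is what the fixed table does.
const VULNERABLE_ROUTES = {
  'GET /executions/:id': 'workflow:read',
  'POST /executions/:id/retry': 'workflow:read', // bug: read scope gates a run
};
const FIXED_ROUTES = {
  'GET /executions/:id': 'workflow:read',
  'POST /executions/:id/retry': 'workflow:execute', // fix
};

// Authorization decision for one request; fails closed on unknown routes.
function authorize(routes, route, callerScopes) {
  const required = routes[route];
  if (required === undefined) return { allowed: false, reason: 'unknown route' };
  if (!callerScopes.has(required)) return { allowed: false, reason: `missing ${required}` };
  return { allowed: true, reason: `has ${required}` };
}

// Can a caller holding only a read-only share trigger a retry under this table?
function readOnlyCanRetry(routes) {
  return authorize(routes, 'POST /executions/:id/retry', SCOPE_SETS.readonly).allowed;
}

// Regression check for the whole table: any route whose path ends in an
// action that runs a workflow must be gated on workflow:execute.
function underScopedRunRoutes(routes) {
  return Object.entries(routes)
    .filter(([route, scope]) => /\/(retry|run|execute)$/.test(route) && scope !== 'workflow:execute')
    .map(([route]) => route);
}

console.log('read-only can retry (vulnerable):', readOnlyCanRetry(VULNERABLE_ROUTES)); // true
console.log('read-only can retry (fixed):', readOnlyCanRetry(FIXED_ROUTES)); // false
console.log('under-scoped run routes:', underScopedRunRoutes(VULNERABLE_ROUTES));
```

The `underScopedRunRoutes` check is the piece worth keeping as a unit test in a real code base: it catches the same class of mistake on any future route before it ships.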
Who it affects
Instances where workflows are shared with other users or across projects. The bypass is available to authenticated users who hold only read access to a shared workflow.
What to do today
Upgrade n8n to version 2.25.7 or 2.26.2, or any later release. If an immediate upgrade is not possible, restrict workflow sharing to fully trusted users and restrict network access to the Public API.
Source
GitHub Advisory · n8n