GHSA-hv7x-3x78-gx53: n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

The POST /workflows/{workflowId}/test-runs/new endpoint authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a workflow could trigger a real evaluation test run, causing the workflow to execute via the internal workflow runner. This could result in unintended outbound API calls, data mutations, or other side effects in downstream systems connected to the workflow.

This issue primarily affects instances where the Evaluations feature is in use and where users may have workflow:read access without workflow:execute access, such as deployments using RBAC project roles.