← All stories
● Covered by 1 source Β· 1 reportMedium impact

n8n Token Exchange Vulnerability Allows Unauthorized User Logins

Aggregated by BrevFeed security Β· updated 2h ago
πŸ”– Save

n8n's workflow automation platform experienced a security flaw allowing attackers to log in as users from different issuers. The bug allowed valid tokens from one issuer to erroneously authenticate users from another, impacting Enterprise deployments that trust multiple external token issuers.

Key points

Description of the Vulnerability

n8n, a workflow automation platform, had a token exchange flaw allowing authentication issues when multiple external token issuers were trusted. The platform matched incoming JWTs to users based solely on the 'sub' claim, ignoring the 'iss' claim. This resulted in users being logged in as someone else, using tokens from different issuers without needing the correct password.

Details and Response

This vulnerability, tracked as CVE-2026-59208, affects instances of n8n configured for token exchange with at least two trusted issuers. The issue was reported by a GitHub user who highlighted the identity-binding bug during a penetration test. n8n addressed the problem with a patch released on June 24, 2023, but the CVE details were made public on July 9.

Impact on Users

The flaw primarily impacts OEM deployments, as token exchange is an Enterprise-only feature, and current configurations that utilize it are still in preview. The practical implications depend on how a malicious actor could obtain a valid token and whether a user can influence the 'sub' value they receive. The advisory does not clarify these details, leaving some uncertainty regarding exploitation.

Severity Ratings

The vulnerability has been rated with a CVSS score of 7.6 by GitHub, indicating a high severity level, while NVD has rated it at 6.8, categorizing it as medium. This discrepancy highlights differing assessments of the exploitability and potential impact of the bug.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub n8n-io/n8n CVE CVE-2026-592086.8 MEDIUM CVE CVE-2026-543059.9 CRITICAL

Reporting from

n8n's workflow automation platform experienced a security flaw allowing attackers to log in as users from different issuers. The bug allowed valid tokens from one issuer to erroneously authenticate users from another, impacting Enterprise deployments that trust multiple external token issuers.