URL has been copied successfully!
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link