n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
n8n fixed a token-exchange identity-binding flaw, CVE-2026-59208, that could log an Enterprise user into the wrong account when multiple external issuers were trusted. The issue affected releases below 2.27.4 and 2.28.0, and n8n recommends patching or reducing the trusted issuer list if token exchange cannot be turned off. #n8n #CVE-2026-59208 #RFC8693 #RFC7519

Keypoints

  • n8n’s Enterprise token exchange could match users by sub only and ignore iss.
  • A valid JWT from one issuer could log in as a local user from another issuer.
  • The flaw is tracked as CVE-2026-59208 and was fixed on June 24.
  • The issue affects n8n releases below 2.27.4 and version 2.28.0.
  • Administrators should patch, disable token exchange, or limit trusted issuers.

Read More: https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html