National Cyber Warfare Foundation (NCWF)

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer


0 user ratings
2026-07-16 14:48:41
milo
Crypto Currency
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.

A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Crypto Currency



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.