n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.
A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never
Source: TheHackerNews
Source Link: https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html