Security
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
The Hacker News·July 16, 2026·1 min read
n8n, the workflow automation platform, had a token exchange flaw where on Enterprise instances configured to trust multiple external token issuers, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A with a sub belonging to someone under issuer B logged you in as them, bypassing password authentication.
Read at The Hacker NewsDaily crypto arcade
Read the news, then play it.
Chainshorts turns crypto headlines into a daily game. Catch up in 60 words, then jump into daily lucky draws for a shot at the pot.
