Back to all news
Security

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

The Hacker News·July 16, 2026·1 min read
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n, the workflow automation platform, had a token exchange flaw where on Enterprise instances configured to trust multiple external token issuers, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A with a sub belonging to someone under issuer B logged you in as them, bypassing password authentication.

Read at The Hacker News
Daily crypto arcade

Read the news, then play it.

Chainshorts turns crypto headlines into a daily game. Catch up in 60 words, then jump into daily lucky draws for a shot at the pot.

Open ChainshortsGet it on the Solana dApp Store