HackerFeeds

CyberSecurity News

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

The Hacker News
· July 16, 2026

AI summary

A vulnerability in the n8n workflow automation platform allowed attackers to log in as users from a different issuer. The issue occurred in Enterprise instances that trusted multiple external token issuers, where the platform matched incoming JWT tokens to local users based solely on the sub claim, ignoring the issuer. This meant that a valid token from one issuer could be used to log in as a user from another issuer if the sub claim matched. As a result, an attacker could gain access to an account without knowing the password. The flaw enabled unauthorized access to accounts by exploiting the token exchange mechanism.

Read the full article at The Hacker Newsthehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.