CVE-2026-59208
n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution
CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
4th
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1.
| CWE | CWE-287 CWE-346 |
| Vendor | n8n-io |
| Product | n8n |
| Published | Jul 9, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for n8n-io n8n
Be the first to know when new unknown vulnerabilities affecting n8n-io n8n are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n8n-io / n8n
>= 2.28.0, < 2.28.1 < 2.27.4