CVE-2026-59208: How a Token Bug Enabled Cross-Issuer Account Takeover in n8n

CVE-2026-59208: Cross-Issuer Account Takeover in n8n

12bearsyankees💬 1
CVE-2026-59208: How a Token Bug Enabled Cross-Issuer Account Takeover in n8n

Our Strix agents discovered a critical flaw in n8n where the platform verified token signatures correctly but ignored the issuer when mapping users. This allowed attackers to hijack accounts by presenting valid tokens from different trusted issuers sharing the same subject ID. We validated this cross-issuer takeover dynamically and helped n8n release a fix that now uniquely qualifies identities by combining the issuer and subject.

"n8n trusts who signed a token when it verifies it — but forgets who signed it when it decides whose account you are."

More from this day · 2026-07-15