Authentication Flaw in n8n Workflow Automation Platform
CVE-2026-59208

7.6HIGH

Key Information:

Vendor

N8n-io

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-59208?

The n8n workflow automation platform contains a vulnerability that affects instances configured with multiple trusted token-exchange issuers. This flaw allows attackers to exploit the JWT sub claim while disregarding the iss claim. Consequently, they can use a valid token linked to one trusted issuer to impersonate a victim under a different issuer, gaining unauthorized access. Resolutions have been implemented in n8n versions 2.27.4 and 2.28.1 to mitigate this risk.

Affected Version(s)

n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1

n8n < 2.27.4 < 2.27.4

References

CVSS V4

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.