Authentication Flaw in n8n Workflow Automation Platform
CVE-2026-59208
7.6HIGH
What is CVE-2026-59208?
The n8n workflow automation platform contains a vulnerability that affects instances configured with multiple trusted token-exchange issuers. This flaw allows attackers to exploit the JWT sub claim while disregarding the iss claim. Consequently, they can use a valid token linked to one trusted issuer to impersonate a victim under a different issuer, gaining unauthorized access. Resolutions have been implemented in n8n versions 2.27.4 and 2.28.1 to mitigate this risk.
Affected Version(s)
n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1
n8n < 2.27.4 < 2.27.4
