Security · 2h ago
n8n Bug Let Attackers Hijack Accounts via Token Confusion
A flaw in n8n's Enterprise login could match users to the wrong account when multiple token issuers are trusted. The system checked only the sub claim, ignoring the iss field, so a token from issuer A could log in as a user from issuer B. The vulnerability affects self-hosted Enterprise instances with multiple external identity providers.
Meridian48 take
The fix is straightforward—validate the issuer—but the oversight highlights how fragile multi-tenant authentication can be when claims aren't scoped.
Read the full reporting
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer →
The Hacker News
authentication-flawworkflow-automation