THURSDAY, JULY 16, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 2h ago

n8n Bug Let Attackers Hijack Accounts via Token Confusion

By Meridian48 News Desk · Summarised from The Hacker News ·

A flaw in n8n's Enterprise login could match users to the wrong account when multiple token issuers are trusted. The system checked only the sub claim, ignoring the iss field, so a token from issuer A could log in as a user from issuer B. The vulnerability affects self-hosted Enterprise instances with multiple external identity providers.

Meridian48 take
The fix is straightforward—validate the issuer—but the oversight highlights how fragile multi-tenant authentication can be when claims aren't scoped.
Read the full reporting
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer →
The Hacker News
authentication-flawworkflow-automation
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan