{"id":8935,"date":"2026-07-16T15:13:30","date_gmt":"2026-07-16T15:13:30","guid":{"rendered":"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/07\/16\/n8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer\/"},"modified":"2026-07-16T15:13:30","modified_gmt":"2026-07-16T15:13:30","slug":"n8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer","status":"publish","type":"post","link":"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/07\/16\/n8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer\/","title":{"rendered":"n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer"},"content":{"rendered":"<p>\u200bn8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the\u00a0sub\u00a0claim alone and ignored\u00a0iss.<\/p>\n<p>A valid token from issuer A carrying a\u00a0sub\u00a0that belongs to someone under issuer B logged you in as them. Their password never\u00a0n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the\u00a0sub\u00a0claim alone and ignored\u00a0iss.<\/p>\n<p>A valid token from issuer A carrying a\u00a0sub\u00a0that belongs to someone under issuer B logged you in as them. Their password never\u00a0\u00a0The Hacker News<\/p>","protected":false},"excerpt":{"rendered":"<p>\u200bn8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the\u00a0sub\u00a0claim alone and ignored\u00a0iss. A valid token from issuer A carrying a\u00a0sub\u00a0that belongs to someone under issuer B logged you in&hellip;&nbsp;<a href=\"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/07\/16\/n8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer<\/span><\/a><\/p>\n","protected":false},"author":0,"featured_media":8936,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/8935"}],"collection":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/comments?post=8935"}],"version-history":[{"count":0,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/8935\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media\/8936"}],"wp:attachment":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media?parent=8935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/categories?post=8935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/tags?post=8935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}