🟠 High  |  Source: The Hacker News


n8n’s Enterprise workflow automation platform contains a flaw where JWT-based logins are matched to local users using only the ‘sub’ (subject) claim, without validating the ‘iss’ (issuer) claim. This means a valid token from one trusted identity provider can be used to authenticate as a completely different user registered under a separate issuer. An attacker with a legitimate account on one connected identity provider could potentially log in as any other user on the same n8n instance.

Security Architect’s Take: If you run n8n Enterprise with multiple OIDC or JWT issuers configured, treat this as a high-priority patch and update to the fixed version immediately. In the interim, reduce your trusted issuer list to the minimum necessary and audit recent login events for unexpected cross-issuer authentication activity.

Original advisory: n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer