N8n Enterprise token exchange JWT issuer-binding flaw (CVE-2026-59208)
Vulnerability
Summary
Hide ▲
Show ▼
n8n patched CVE-2026-59208, a JWT issuer-binding flaw in Enterprise token exchange that could log a user into the wrong account on multi-issuer deployments. The bug matched on sub alone and ignored iss, so a valid token from one trusted issuer could map to another user's local account. n8n shipped the fix on June 24, and the CVE became public on July 9.
Related Happenings
Cloud Software Group NetScaler urgent remediation advisory
Advisory/Mitigation
H score44
First: 25.03.2026 17:52
Last: 25.03.2026 17:52
Sources 1
About this happening:
Cloud Software Group issued urgent remediation guidance for NetScaler ADC and NetScaler Gateway, telling affected customers to install updated versions as soon as poss...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/MitigationAbout this happening: Cloud Software Group issued urgent remediation guidance for NetScaler ADC and NetScaler Gateway, telling affected customers to install updated versions as soon as poss...
N8n sandbox escape flaws (multiple vulnerabilities)
Vulnerability
H score41
First: 04.02.2026 15:00
Last: 04.02.2026 15:00
Sources 1
About this happening:
Two maximum-severity sandbox-escape flaws in n8n expose self-hosted and cloud instances to complete server takeover and credential theft. An authenticated us...
N8n sandbox escape flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: Two maximum-severity sandbox-escape flaws in n8n expose self-hosted and cloud instances to complete server takeover and credential theft. An authenticated us...
Malicious npm packages masquerading as n8n integrations to steal OAuth credentials
Malware Activity
H score37
First: 12.01.2026 18:39
Last: 12.01.2026 18:39
Sources 1
About this happening:
A set of eight npm packages impersonating n8n integrations is stealing developers' OAuth credentials, putting linked services and workflow access at risk. One package...
Malicious npm packages masquerading as n8n integrations to steal OAuth credentials
Malware ActivityAbout this happening: A set of eight npm packages impersonating n8n integrations is stealing developers' OAuth credentials, putting linked services and workflow access at risk. One package...
Timeline
-
16.07.2026 16:33 1 articles · 2h ago
n8n ships a fix for the JWT issuer-binding flaw
Mitigation Patch Updaten8n shipped a fix for CVE-2026-59208 on June 24 after its Enterprise token-exchange login flow matched incoming JWTs on sub alone and ignored iss, which could let a token from one trusted issuer map to another local account.
Show sources
- n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer — thehackernews.com — 16.07.2026 16:33
-
09.07.2026 03:00 2 articles · 7d ago
CVE-2026-59208 record goes public
Initial DisclosureThe CVE record for CVE-2026-59208 became public on July 9, and n8n credited the report to the GitHub account bearsyankees, whose profile lists Strix, the AI penetration testing agent that says it found the identity-binding bug in the token-exchange flow.
Show sources
- n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer — thehackernews.com — 16.07.2026 16:33
- n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer — thehackernews.com — 16.07.2026 16:33