n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

Article summary
Quick briefing — cleaned from the original RSS feed
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never
1Key Takeaways
- n8n, the workflow automation platform, handed out the wrong accounts at login.
- On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.
- A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them.
2AIWedia Score
8.3/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
Tool launches and updates shape which workflows teams adopt and which vendors gain traction. The Hacker News reports that n8n, the workflow automation platform, handed out the wrong accounts at login.
Explore related
Browse toolsRelated tools
AI Tools news
Explore curated ai tools tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.
