CVE-2026-59208 is a authentication vulnerability with a CVSS score of 7.6 affecting n8n Enterprise instances configured with multiple trusted external token-exchange issuers. The flaw exists because n8n incorrectly validates exchanged JWT tokens by matching users only through the sub (subject) claim while ignoring the iss (issuer) claim, allowing an attacker with a valid token from one trusted issuer to impersonate a user from another issuer if both share the same subject identifier. Successful exploitation could enable unauthorized account access without requiring the victim’s password, potentially exposing workflows, credentials, and connected integrations. The vulnerability has been addressed through security updates, and organizations using token exchange should apply the available patches or disable/restrict multi-issuer token exchange configurations until remediation is completed.
We recommend you to update n8n to below version: https://github.com/n8n-io/n8n/releases[/subscribe_to_unlock_form]
CVE-2026-59208 is a authentication vulnerability with a CVSS score of 7.6 affecting n8n Enterprise instances configured with multiple trusted external token-exchange issuers. The flaw exists because n8n incorrectly validates exchanged JWT tokens by matching users only through the sub (subject) claim while ignoring the iss (issuer) claim, allowing an attacker with a valid token from one trusted issuer to impersonate a user from another issuer if both share the same subject identifier. Successful exploitation could enable unauthorized account access without requiring the victim’s password, potentially exposing workflows, credentials, and connected integrations. The vulnerability has been addressed through security updates, and organizations using token exchange should apply the available patches or disable/restrict multi-issuer token exchange configurations until remediation is completed.
We recommend you to update n8n to below version: https://github.com/n8n-io/n8n/releases[emaillocker id="1283"]
The following reports contain further technical details:
[/emaillocker]