CVE-2026-59208
Undergoing Analysis Undergoing Analysis - In Progress

Authentication Bypass in n8n Workflow Automation

Vulnerability report for CVE-2026-59208, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
n8n n8n 2.28.0
n8n n8n to 2.27.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-346 The product does not properly verify that the source of data or communication is valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not explicitly describe how the vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-59208 is a vulnerability in the n8n workflow automation platform affecting versions prior to 2.27.4 and between 2.28.0 and before 2.28.1. The issue occurs when n8n instances are configured with more than one trusted token-exchange issuer. In this scenario, the system resolves external identities to local accounts using only the JWT subject claim (sub) and ignores the issuer claim (iss).

This flaw allows an attacker who has a valid token from one trusted issuer and a subject (sub) matching a victim under another issuer to authenticate as that victim, effectively impersonating them.

Impact Analysis

This vulnerability can lead to unauthorized access by allowing an attacker to impersonate another user if they have a valid token from a trusted issuer with a matching subject claim. This can result in unauthorized actions being performed under the victim's identity within the n8n platform.

The impact is significant in environments where multiple trusted token issuers are configured and the token exchange feature is enabled, potentially compromising the integrity and confidentiality of workflows and data.

Detection Guidance

This vulnerability affects n8n instances configured with more than one trusted token-exchange issuer where external identities are resolved using only the JWT sub claim and ignoring the iss claim.

Detection involves verifying your n8n instance configuration to check if multiple trusted token-exchange issuers are enabled and if the version is prior to 2.27.4 or between 2.28.0 and 2.28.1.

There are no specific commands provided in the available resources to detect exploitation on your network or system.

Mitigation Strategies

The vulnerability is fixed in n8n versions 2.27.4 and 2.28.1 and later. The primary mitigation is to upgrade your n8n instance to one of these fixed versions or newer.

As a temporary mitigation, you can reduce the token exchange configuration to a single trusted issuer or disable the token exchange feature entirely, although these are not complete solutions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart