Improper Authentication in n8n - #VU135229
Published: June 25, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to authenticate as another user and access their account.
The vulnerability exists due to improper access control in the token exchange identity resolution logic when processing tokens from multiple trusted issuers. A remote user can present a valid token with a matching JWT subject claim to authenticate as another user and access their account.
This issue only affects instances where the token exchange feature is enabled and more than one trusted external issuer is configured.
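The failure mode described above is the classic one for multi-issuer token exchange: a JWT `sub` claim is only unique within the issuer that minted it, so a lookup keyed on `sub` alone conflates accounts linked to different issuers. The following TypeScript is an added illustration, not n8n's code; the user store, issuer URLs, subject values and function names are constructed for the example. The claims are assumed to have already been signature-verified against the presenting issuer's keys; only the identity-resolution step is shown, first in the weak form and then in the corrected form that keys on the (iss, sub) pair, which OpenID Connect defines as the only guaranteed-unique identity.

```typescript
// Added example (not n8n's code): identity resolution for a token-exchange
// endpoint that trusts several external issuers.

interface VerifiedClaims {
  iss: string; // issuer of the token (already signature-verified)
  sub: string; // subject id, unique only within that issuer
}

interface User {
  id: string;
  email: string;
  // External identities linked to this account, one per trusted issuer.
  identities: { iss: string; sub: string }[];
}

// Constructed sample data: two issuers are trusted, and two different users
// happen to carry the same subject id at different issuers (sequential
// numeric ids make such collisions routine).
const TRUSTED_ISSUERS = new Set<string>([
  "https://idp-a.example.test",
  "https://idp-b.example.test",
]);

const USERS: User[] = [
  { id: "u-1", email: "alice@example.test",
    identities: [{ iss: "https://idp-a.example.test", sub: "1001" }] },
  { id: "u-2", email: "bob@example.test",
    identities: [{ iss: "https://idp-b.example.test", sub: "1001" }] },
];

// Weak pattern: the issuer is checked, but the account lookup keys on `sub`
// alone. With more than one issuer configured, a token from issuer B with
// sub "1001" resolves to whichever account matches first, here Alice's.
function resolveBySubjectOnly(claims: VerifiedClaims, users: User[] = USERS): User | null {
  if (!TRUSTED_ISSUERS.has(claims.iss)) return null;
  return users.find(u => u.identities.some(i => i.sub === claims.sub)) ?? null;
}

// Corrected pattern: the identity key is the (iss, sub) pair, and the result
// must be exactly one account. Zero matches means no linked identity; more
// than one means a data-integrity problem, and both fail closed.
function resolveByIssuerAndSubject(claims: VerifiedClaims, users: User[] = USERS): User | null {
  if (!TRUSTED_ISSUERS.has(claims.iss)) return null;
  const matches = users.filter(u =>
    u.identities.some(i => i.iss === claims.iss && i.sub === claims.sub));
  return matches.length === 1 ? matches[0]! : null;
}

// Stand-alone run: the same verified token resolves differently under the
// two lookups, which is exactly the behaviour the advisory describes.
function demo(): string[] {
  const tokenFromB: VerifiedClaims = { iss: "https://idp-b.example.test", sub: "1001" };
  return [
    `subject-only lookup  -> ${resolveBySubjectOnly(tokenFromB)?.email ?? "none"}`,
    `issuer+subject lookup -> ${resolveByIssuerAndSubject(tokenFromB)?.email ?? "none"}`,
  ];
}

for (const line of demo()) console.log(line);
```

A useful detection-side corollary: if the audit log records which issuer a token-exchange login used, a sudden login for an account from an issuer that account was never linked to is the signal to alert on; the corrected resolver above makes such a login impossible, but the log check still catches stale configurations.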