HeadlinesBriefing favicon HeadlinesBriefing.com

CVE-2026-59208: Cross-Issuer Account Takeover in n8n

Hacker News •
×

The recent vulnerability, identified as CVE-2026-59208, was first detailed on the Strix.ai blog. It targets the n8n workflow automation platform, allowing attackers to hijack accounts by exploiting a cross‑issuer authentication flaw. The issue is triggered when an attacker can create a credential that masquerades as a legitimate issuer, bypassing normal access controls.

Cross‑issuer account takeover occurs when an attacker registers a new OAuth provider that is recognized by the target application. By feeding the platform with a forged issuer claim, the attacker can gain full access to the victim’s account without needing valid credentials. This bypasses the entire authentication flow, making the vulnerability especially dangerous.

n8n users must immediately update to the latest version, which patches the issuer validation logic. The severity is high, as attackers can manipulate workflows, exfiltrate data, or deploy malicious nodes. Organizations that rely on n8n for critical business processes should review their configurations and monitor for unusual authentication events.

To mitigate, ensure that the issuer field is strictly validated against a whitelist, and enable multi‑factor authentication. Developers should also audit any third‑party OAuth providers and remove unused or unverified issuers. Following the patch, a thorough penetration test can confirm that the vulnerability is fully resolved.