PatchSiren cyber security CVE debrief
CVE-2026-59208 n8n-io CVE debrief
The CVE-2026-59208 vulnerability is a high-severity issue affecting n8n, an open-source workflow automation platform. Prior to versions 2.27.4 and 2.28.1, n8n instances configured with multiple trusted token-exchange issuers were vulnerable to authentication bypass. An attacker with a valid token from one trusted issuer could authenticate as a victim under another issuer if the JWT sub claim matched. This issue is fixed in versions 2.27.4 and 2.28.1. The vulnerability is classified as CWE-287 (Improper Authentication) and CWE-346 (Sensitive Information Exposure). Affected users should prioritize patching to prevent potential authentication bypass attacks.
- Vendor
- n8n-io
- Product
- n8n
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-14
Who should care
Users of n8n workflow automation platform, especially those with multiple trusted token-exchange issuers configured, should be aware of this vulnerability. Security teams and administrators responsible for n8n instances should prioritize patching to versions 2.27.4 or 2.28.1 to prevent potential authentication bypass attacks.
Technical summary
The vulnerability in n8n allows an attacker to bypass authentication by exploiting the token-exchange issuer configuration. Specifically, n8n instances with more than one trusted token-exchange issuer were resolving external identities to local accounts using only the JWT sub claim and ignoring the iss claim. This means an attacker with a valid token from one trusted issuer could authenticate as a victim under another issuer if the sub claim matched. The issue is classified as CWE-287 (Improper Authentication) and CWE-346 (Sensitive Information Exposure).
Defensive priority
High
Recommended defensive actions
- Patch n8n instances to version 2.27.4 or 2.28.1
- Review and update token-exchange issuer configurations
- Monitor for suspicious authentication attempts
- Implement additional authentication security measures
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-09T16:16:46.610Z and was last modified on 2026-07-14T01:16:18.827Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and has not been independently verified. Defenders should verify the accuracy of this information with official sources.
Official resources
-
CVE-2026-59208 CVE record
CVE.org
-
CVE-2026-59208 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T16:16:46.610Z and has not been modified since then. The NVD entry is currently Analyzed.