Get the latest tech news

CVE-2026-59208: Cross-Issuer Account Takeover in n8n


Strix pointed itself at n8n's token-exchange flow and found an identity-binding bug: two trusted issuers emitting the same sub map to the same local account. One trusted token could log you in as someone else.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of N8n

N8n

Photo of cve-2026

cve-2026

Related news:

News photo

Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]

News photo

Most of the CVE-2026-4020 attackers are the same client

News photo

Ivanti Sentry pre-auth RCE (CVE-2026-10520) – CVSS 10.0, public PoC, CISA KEV