Get the latest tech news
CVE-2026-59208: Cross-Issuer Account Takeover in n8n
Strix pointed itself at n8n's token-exchange flow and found an identity-binding bug: two trusted issuers emitting the same sub map to the same local account. One trusted token could log you in as someone else.
None
Or read this on Hacker News