In February 2026, n8n published two security bulletins disclosing a combined 19 vulnerabilities — including 6 critical (CVSS 9.4+) and 3 independent remote code execution attack surfaces. National cybersecurity agencies — Singapore’s CSA and Canada’s CCCS — have issued formal advisories.
This isn’t a patching problem. It’s a structural architecture problem across multiple n8n subsystems.
February 6: The first wave — 8 CVEs
The month started with n8n’s February 6 bulletin disclosing 8 vulnerabilities, including the already-known expression evaluation RCE and a critical new development: CVE-2026-25049 (CVSS 9.4), which bypassed the December 2025 fix for the original CVSS 10.0 expression injection RCE.
The bypass proved this was not a one-time bug — it was evidence of a fundamental design flaw in n8n’s expression evaluation engine. Point fixes address specific attack vectors but leave the underlying architecture vulnerable to new exploitation techniques.
February 25: 11 more CVEs — 3 critical
Three weeks later, n8n published a second bulletin with 11 additional vulnerabilities, including 3 new critical-severity issues:
| CVE | Severity | Description |
|---|---|---|
| CVE-2026-27497 | Critical (9.4) | SQL query mode allows arbitrary code execution on the n8n server |
| CVE-2026-27577 | Critical (9.4) | Expression sandbox escape — system commands via manipulated parameters |
| CVE-2026-27495 | Critical (9.4) | JavaScript task runner sandbox breakout — arbitrary code execution |
| CVE-2026-27578 | High | Stored XSS |
| CVE-2026-27493 | High | Unauthenticated expression evaluation via Form Node |
| + 6 more | High/Medium | Chat auth bypass, SSO bypass, SQL injection (MySQL/PostgreSQL/MSSQL), webhook forgery |
Three independent RCE vectors in one month
The February 25 bulletin is particularly alarming because it reveals three completely independent paths to remote code execution:
- Expression evaluation — The sandbox designed to safely evaluate user expressions can be escaped, allowing arbitrary system command execution. This is the same subsystem that produced the December 2025 RCE and the February bypass — now with a new escape technique.
- SQL query mode — The SQL execution engine allows arbitrary code execution on the n8n server. This is an entirely separate subsystem from expression evaluation.
- JavaScript task runner — The sandboxed JavaScript execution environment can be broken out of, allowing arbitrary code execution. Again, a completely separate subsystem.
Each of these represents a distinct attack surface in a different part of n8n’s architecture. Patching one does not protect against the others. An attacker only needs to find one.
National cybersecurity agencies respond
The severity of n8n’s February disclosures prompted formal advisories from national cybersecurity agencies:
- Singapore CSA (Cyber Security Agency of Singapore) — Issued advisory for n8n vulnerabilities
- Canadian CCCS (Canadian Centre for Cyber Security) — Issued advisory for n8n vulnerabilities
When national governments issue warnings about your automation platform, the urgency is clear. These are the same agencies that issue advisories for critical infrastructure vulnerabilities.
Why patching isn’t enough
The pattern across February tells a clear story:
- February 6: 8 CVEs including a bypass of the December 2025 patch
- February 25: 11 more CVEs across three separate subsystems
- Combined: 19 CVEs, 6 critical, 3 independent RCE vectors
This is not a case where applying the latest patch resolves the risk. The vulnerabilities span:
- Expression evaluation engine
- SQL query execution engine
- JavaScript task runner sandbox
- Authentication and SSO systems
- Form evaluation endpoints
- Database connectors (MySQL, PostgreSQL, MSSQL)
- Webhook handling
The breadth suggests systemic architecture-level security issues, not isolated bugs.
The February 2026 CVE summary
| Metric | Count |
|---|---|
| Total CVEs in February 2026 | 19 |
| Critical severity (CVSS 9.4+) | 6 |
| Independent RCE vectors | 3 |
| National agency advisories | 2 (Singapore CSA, Canadian CCCS) |
| Patch rounds in February | 2 (Feb 6 + Feb 25) |
| Exposed instances (Censys) | 26,512 |
Patches available: n8n 2.10.1, 2.9.3, 1.123.22. All self-hosted instances should upgrade immediately.
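To turn the three fixed versions into an inventory check, here is an added example (not from the article or from n8n) that classifies installed versions against them. The fixed versions are the ones listed above; how they map onto release lines (a 2.x install older than 2.9 has no fix of its own and must move to 2.9.3 or newer, and anything newer than the latest fix on the same major is treated as patched) is an assumption, and the host inventory is constructed.

```python
"""Audit n8n instance versions against the February 2026 patch releases.

Added example, not code from the article or from n8n. Fixed versions are
those the article lists; the release-line rules are an assumption.
"""
import re

# Fixed versions named in the article, keyed by (major, minor) release line.
FIXED = {(2, 10): (2, 10, 1), (2, 9): (2, 9, 3), (1, 123): (1, 123, 22)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) for strings like '1.123.21' or 'v2.9.3-rc.1'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if this version carries the February 2026 fixes (assumed rules):
      * a line with a named fix (2.10.x, 2.9.x, 1.123.x) is patched from
        the fixed version upwards;
      * a line newer than the newest fix on the same major (e.g. 2.11.0)
        is treated as patched;
      * any other line (2.8.x, 1.122.x, 0.x) has no fix of its own and
        must move to a fixed line, so it is reported as unpatched.
    """
    major, minor, _patch = version
    line = (major, minor)
    if line in FIXED:
        return version >= FIXED[line]
    newest_on_major = max((v for v in FIXED.values() if v[0] == major), default=None)
    return newest_on_major is not None and version > newest_on_major


def audit(inventory):
    """Map each host in {host: version_string} to 'patched' or 'UPGRADE'."""
    return {host: ("patched" if is_patched(parse_version(v)) else "UPGRADE")
            for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"automation-01": "2.10.1", "automation-02": "2.9.2",
              "legacy-01": "1.123.22", "legacy-02": "1.118.0", "dev-01": "2.8.5"}
    for host, status in audit(sample).items():
        print(f"{host:14s} {sample[host]:10s} {status}")
```

Feed it the version strings your asset inventory already records (the n8n settings page or container image tag) rather than probing instances over the network.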
The migration path
JieGou’s n8n import wizard converts your n8n workflow JSON exports to JieGou workflows automatically:
- Export your n8n workflows (Settings → Export All Workflows)
- Upload the JSON to JieGou’s import wizard
- Review the conversion — 47+ node type mappings handled automatically
- Deploy with managed hosting, zero patching, and SOC 2-ready compliance infrastructure
The import tool maps n8n nodes to JieGou steps:
| n8n node | JieGou step |
|---|---|
| Set / Code / Function | LLM Step |
| IF / Switch / Filter | Condition Step |
| SplitInBatches | Loop Step |
| HTTP Request | LLM + MCP Tool |
| Slack / Gmail / GitHub | LLM + MCP Server |
| Webhook | Webhook Trigger |
Security comparison
| Dimension | JieGou | n8n |
|---|---|---|
| CVEs (Feb 2026) | 0 | 19 total, 6 critical |
| RCE vectors | N/A | 3 independent |
| Government advisories | None needed | Singapore CSA, Canadian CCCS |
| Exposed instances | N/A (cloud + VPC) | 26,512 |
| SOC 2 | Tech complete, 15 policies, audit pending | Not available |
| Encryption at rest | AES-256-GCM (BYOK) | Not included (community) |
| RBAC | 6 roles, 20 permissions | Basic (admin / editor) |
| Audit logging | 30 action types, immutable | Not included (community) |
| GDPR | Data export + deletion endpoints | Not available |
Start migrating
19 vulnerabilities in one month. Three independent remote code execution attack surfaces. National cybersecurity agencies issuing formal advisories.
If you’re running n8n — especially self-hosted — the risk profile has fundamentally changed.
- Import your n8n workflows — automated import with 47+ node mappings
- Read the migration guide — step-by-step technical walkthrough
- Compare JieGou vs. n8n — full feature and security comparison