We are continuing to expand our n8n RCE vulnerability scanning - most recently adding CVE-2026-27495 (CVSS 9.4) tagging as well. You can track our various n8n scan results here for the most well known critical vulns: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=30&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-68613%2B&tag=cve-2025-68668%2B&tag=cve-2026-21858%2B&tag=cve-2026-21877%2B&tag=cve-2026-25053%2B&tag=cve-2026-25056%2B&tag=cve-2026-27495%2B&dataset=unique_ips&limit=100&group_by=tag&stacking=overlap&auto_update=on

Top affected: US, Germany & France.

IP data on vulnerable instances is tagged 'n8n' & with a cve tag (like cve-2026-27495) in our Vulnerable HTTP reporting - https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/

Latest n8n critical RCE vulns (all covered with above tag):

https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869
https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr
https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23

If you receive an alert from us, please patch.

World Map view of all n8n vulnerable instances we track: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=http_vulnerable&source=http_vulnerable6&tag=n8n%2B&data_set=count&scale=log&auto_update=on

#CyberCivilDefense