Zapier vs n8n 2026: Breadth vs Self-Host Freedom

Head-to-Head Summary

Who Wins for Which Persona

Aggregate scores hide the real story. The two platforms separate by 2.0 points on the Platform Engineer persona and by 0.5 points on SMB Ops — a larger spread than any two platforms in our six-platform workflow-automation benchmark. Persona first, product second.

Segment scores weighted per persona (see methodology). Non-Technical Founder column included for completeness — both platforms lose to Codewords and Lindy in that segment.

Dimension-by-Dimension Breakdown

The table below shows 22 scoring dimensions on our 5-point anchor rubric. Zapier wins 5 dimensions, n8n wins 11, and 6 are tied. But a composite count is misleading — Zapier's five wins include the two dimensions SMB Ops Leads care about most (Integrations breadth, Integrations depth), and Compliance & Security sits at Zapier 4 vs n8n 2 following the 2026 CVE cadence.

Scores on 1–5 scale. Sources: Vibedex scoring (April 2026), first two tests run hands-on on both platforms, third test (webhook + retry) on Zapier only.

Hands-On Test Results

We ran three calibration tests across both platforms. Both completed the Gmail-to-Notion and Google-Sheet classifier tests; the webhook + retry + error-path test was run hands-on on Zapier only and remains research-only on n8n in this benchmark cycle.

The n8n Security Reality — 4 Critical RCEs in Q1 2026, n8n 2.0 Shipped in Response

• • CVE-2026-21858 “Ni8mare” (Jan 8 2026, CVSS 10.0) — pre-auth RCE in n8n runtime; fixed in 1.123.17 / 2.5.2.
• • CVE-2026-21877 — authenticated RCE chain via workflow execution path.
• • CVE-2026-25049 — CVSS 9.4, confirmed by Perplexity deep-research as a bypass of the prior CVE-2025-68613 (CVSS 9.9) expression-sandbox escape. The security researcher noted “they could be considered the same vulnerability, as the second one is just a bypass for the initial fix.”
• • CVE-2026-33660 — a further critical RCE patched 30 March 2026 per Qualys. This is the third fresh CVE in the cluster following Ni8mare and CVE-2026-25049, bringing the Q1 2026 disclosure cadence to four criticals across three consecutive months (Ni8mare + CVE-2026-21877 + CVE-2026-25049 + CVE-2026-33660).

If you self-host n8n, confirm your instance is on n8n 2.0 (1.123.17 / 2.5.2 or later). Older builds on public endpoints should be treated as compromised until patched. The CVE cadence compounds with reliability data: n8n Cloud had two long outages in February 2026 (16h58m on Feb 17, 10h56m on Feb 18 per IsDown), partly driven by patch-restart cadence forced by the CVE cycle.

This is a patch-discipline risk, not a stop-using-n8n risk. n8n remains the best platform in our benchmark for Platform Engineers, and n8n 2.0 Task Runners materially narrow the worst-case blast radius. But self-host buyers still need a named on-call owner and an automated patch process. Teams without that should prefer Zapier or n8n Enterprise Cloud with uptime SLA.

The Zapier Reality — Trustpilot 1.4 vs G2 4.5

Zapier's review signal is one of the most bifurcated in SaaS: Trustpilot 1.4/5 vs G2 4.5–4.7/5. The gap is real and channel-specific: Trustpilot is an exit-survey channel that over-indexes on billing and auto-renewal complaints; G2 skews to active in-product users. Specific complaints that show up in the corpus:

• • 623+ outages logged since 2017 (multi-year historical stat), 44 in the last 90 days with a 2h 6min median duration (IsDown). The freshest incidents on our radar: Apr 6 2026 custom-actions failure (22:12–22:47 UTC) and Apr 16 2026 Zap Run History Export download-link errors. An Oct 2025 revenue-loss outage previously triggered 1-star Trustpilot reviews citing refused refunds; recent research confirms no formal post-mortem, SLA change or refund-policy update has been published in the 2026-01-20 to 2026-04-20 window. No SLA on Standard or Pro plans — only Enterprise (Company) gets 99.9%.
• • Current overage structure: Zapier plans include a 25% premium on overage credits beyond plan allotment. One reported case documents £17,500/year on a single business process running 500 times/day at ~12 tasks per run.
• • Nov 24 2025 NPM supply-chain incident (Hacker News thread 46039028) compromised core Zapier NPM packages in November 2025 — a proof point; patched within hours and no repeat incident located as of April 2026. Still a trust hit for dev adoption of Zapier MCP specifically.
• • Copilot cannot place Paths reliably — XRAY Tech hands-on confirmed the planning-vs-execution gap. Our branching-classifier test observed Paths-awarereasoning, but the produced Zap was not inspected for Paths placement.
• • Auto-renewal friction dominates Trustpilot 1-stars: “credit card bill of over $800 for an annual plan charged without notification”; “approximately $350+ without warning.” Auto-replay is now universal across plans; automatic retry-on-failure remains Professional+ only.

None of this makes Zapier a bad product. It makes Zapier a product with known friction seams that concentrate on billing and scale, which is exactly what drives the n8n-self-host-migration narrative.

Pricing at Scale

Zapier charges per task (one action step = one task); n8n charges per execution (one full workflow run = one execution regardless of steps). For multi-step flows, n8n's model is structurally cheaper. Self-hosted n8n eliminates the pricing axis entirely.

AI Build: Copilot vs AI Workflow Builder

Both platforms shipped AI build surfaces in 2025. The experiences are different in kind, not degree.

The structural difference: Zapier Copilot is a generalist assistant across a wide surface; n8n AI Builder is a specialist for agentic/LLM-heavy workflows with Code node escape hatches. If you are building ops automations (CRM syncs, notification routers), Zapier Copilot wins on breadth. If you are building AI products (retrieval-augmented agents, multi-model pipelines), n8n wins on depth.

Will Both Be Around in Three Years?

Decision Framework

Bottom Line

Zapier and n8n are not tiers of the same product. Zapier is a SaaS integrator; n8n is a dev-native self-host platform. Zapier wins SMB Ops 4.2 vs 3.7 on breadth and Copilot simplicity. n8n wins Platform Engineer 4.4 vs 2.4 on self-host freedom and AI Product Builder 4.0 vs 3.5 on LangChain depth. The buyer question is not which is better — it is whether you own the stack or rent it, and whether you have the patch discipline to handle n8n's 2026 CVE cadence. Most engineering orgs end up running both: n8n for critical paths, Zapier for citizen-developer self-serve.

Sources & References

All external sources were verified as of April 2026. Ratings and metrics reflect the most recent data available at time of review.

1. Zapier - Pricing Plans(zapier.com)
2. n8n - Pricing Plans(n8n.io)
3. NVD - CVE-2026-25049 (n8n expression-sandbox bypass)(nvd.nist.gov)
4. NVD - CVE-2025-68613 (original n8n sandbox escape)(nvd.nist.gov)
5. n8n - $180M Series C (Accel-led, Oct 2025)(blog.n8n.io)
6. Trustpilot - Zapier Reviews(trustpilot.com)
7. G2 - Zapier Reviews(g2.com)
8. G2 - n8n Reviews(g2.com)
9. IsDown - Zapier Outage History(isdown.app)
10. Qualys - CVE-2026-33660 n8n critical RCE patch (Mar 30 2026)(threatprotect.qualys.com)
11. The Hacker News - Ni8mare CVSS 10.0 n8n RCE (Jan 2026)(thehackernews.com)
12. Medium - n8n 2.0 Enterprise-Hardened (Task Runners default)(medium.com)
13. RogueOps - Zapier reliability / no-SLA posture(gorogueops.com)
14. Hetzner - Cloud Server Pricing (self-host reference)(hetzner.com)
15. Medium - From $500 Zapier Bills to $0: Migration Guide(medium.com)
16. Hacker News - Zapier NPM supply-chain (Nov 2025)(news.ycombinator.com)
17. ThatAPICompany - Zapier Pricing Breakdown (£17,500 case)(thatapicompany.com)
18. XRAY - Zapier Copilot Hands-On Review(xray.tech)

FAQ