Multiple vendors release fixes for remote code execution, SQL injection and privilege escalation flaws.
- Ivanti patches critical vulnerability CVE-2026-8043 (CVSS 9.6) in Xtraction product
- Fortinet, SAP, VMware and n8n also release security updates for various flaws
- Vulnerabilities enable authentication bypass and arbitrary code execution
Five major technology vendors have released security patches for critical vulnerabilities that could allow attackers to bypass authentication and execute arbitrary code on affected systems.
The Hacker News reports that Ivanti, Fortinet, SAP, VMware and n8n have all issued fixes addressing remote code execution, SQL injection and privilege escalation flaws.
The most severe vulnerability affects Ivanti’s Xtraction product. CVE-2026-8043 carries a CVSS score of 9.6 and stems from external control of file names, potentially enabling information disclosure or client-side attacks.
Fortinet, SAP, VMware and workflow automation platform n8n have also released security updates addressing various vulnerabilities in their respective products. The specific details of these additional flaws were not immediately available from the source material.
All affected vendors have made patches available through their standard security update channels. The timing of these releases suggests either coordination between vendors or discovery by security researchers conducting broader vulnerability research.
Why It Matters
Critical vulnerabilities in enterprise infrastructure products pose significant operational risk, particularly when they enable authentication bypass and remote code execution. The high CVSS score of 9.6 for the Ivanti Xtraction flaw indicates potential for complete system compromise.
CISOs should prioritise these patches in their vulnerability management programs, especially for internet-facing systems. The coordinated nature of these releases across multiple vendors may indicate broader attack patterns that security teams should monitor.
What To Do Now
- Review your organisation’s use of affected Ivanti, Fortinet, SAP, VMware and n8n products as detailed in vendor security advisories
- Prioritise patching of Ivanti Xtraction systems due to the critical 9.6 CVSS rating of CVE-2026-8043
- Check vendor security portals for specific patch installation guidance and prerequisites
