Several major technology vendors have released security updates to address vulnerabilities that could allow attackers to bypass authentication and execute arbitrary code on affected systems. Ivanti, Fortinet, n8n, SAP, and VMware all issued patches this week for flaws ranging in severity from high to critical.
The most pressing issue involves a critical vulnerability in Ivanti Xtraction, designated as CVE-2026-8043. This flaw carries a CVSS score of 9.6, indicating a severe risk. An attacker could exploit it to achieve information disclosure or launch client-side attacks.
The root cause of the Ivanti vulnerability lies in the external control of a file name. This weakness could permit a malicious actor to manipulate system files, potentially leading to unauthorized data access or a compromise of the client machine.
Ivanti Xtraction flaw tops severity list
Security researchers identified the vulnerability in Ivanti Xtraction, a data aggregation and analytics platform. The company has not detailed specific attack vectors but confirmed that remote exploitation is possible without authentication in some configurations. Ivanti has released a security patch, and all users are urged to apply it immediately.
Fortinet addresses authentication bypass and RCE
Fortinet also issued patches for multiple products. The company corrected an authentication bypass vulnerability in its FortiGate firewalls and FortiWeb web application firewalls. Additionally, patches address remote code execution (RCE) flaws that could allow an attacker to run arbitrary commands on vulnerable appliances. Fortinet has advised customers to upgrade to the latest firmware versions.
SAP and VMware release critical updates
Software giant SAP released its monthly security patch bundle covering multiple products. The updates address vulnerabilities including SQL injection flaws and privilege escalation issues. SAP rated some of these as high priority and recommended immediate deployment.
VMware similarly issued fixes for several products, including vCenter Server and Cloud Foundation. The vulnerabilities could allow an attacker to escalate privileges or execute arbitrary code on the hypervisor. VMware has classified these as important and has provided download links for the updated components.
n8n patches workflow automation risks
The open-source workflow automation tool n8n released a security update to fix a vulnerability that could be exploited for privilege escalation. The flaw could allow a malicious actor to gain higher-level access within the platform, potentially affecting automated workflows and data handling. Users of self-hosted n8n instances are encouraged to update to the latest version.
All vendors have published detailed advisories on their respective security portals. System administrators are advised to review the announcements and apply the necessary updates to mitigate the identified risks. The patches are available for download now, with no reports of active exploitation in the wild at the time of publication.
Organizations should prioritize the Ivanti Xtraction patch given its critical severity rating. Security teams are advised to inventory affected systems and schedule maintenance windows for deployment. Teams should also continue monitoring for further advisories from these and other vendors as researchers analyze the patched vulnerabilities.
Source: Delimiter Online