Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.

Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks.

"External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks," Ivanti said in an advisory.

Fortinet published advisories for two critical shortcomings affecting FortiAuthenticator and FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that could result in code execution:

CVE-2026-44277 (CVSS score: 9.1) - An improper access control vulnerability in FortiAuthenticator that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. (Fixed in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3)