A critical vulnerability, tracked as CVE-2026-8043, has been discovered in Ivanti Xtraction, posing a significant threat due to its high CVSS score of 9.6. This flaw could be leveraged by attackers to gain unauthorized access to sensitive information or execute malicious code on the client-side. Other notable vulnerabilities have been identified in products from Fortinet, n8n, SAP, and VMware, including remote code execution and SQL injection flaws. These vulnerabilities could be exploited to bypass authentication mechanisms, allowing attackers to gain elevated privileges and execute arbitrary code. Patches have been released by the affected vendors to mitigate these vulnerabilities1. The exploitation status of CVE-2026-8043 is currently being discussed, with some experts recommending immediate patching, while others suggest monitoring the situation. This highlights the importance of staying up-to-date with the latest security fixes to prevent potential attacks, as failing to do so could result in significant security breaches.
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
⚡ High Priority
Why This Matters
CVE-2026-8043 is in active discussion involving Fortinet — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, May 18). Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws. *The Hacker News*. https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html
Original Source
The Hacker News
Read original →