Recent security updates have been released by Ivanti, Fortinet, SAP, VMware, and n8n to address several critical vulnerabilities. These flaws, if exploited, could enable unauthorized users to bypass authentication and execute arbitrary code.
Ivanti’s Critical Flaw
Ivanti has identified a significant vulnerability in its Xtraction product, designated as CVE-2026-8043, which has a CVSS score of 9.6. This flaw allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to potential information disclosure and client-side attacks. The issue affects versions prior to 2026.2.
Fortinet Vulnerabilities
Fortinet has released advisories for two critical vulnerabilities: CVE-2026-44277 and CVE-2026-26083, both with a CVSS score of 9.1. The first, in FortiAuthenticator, may allow an unauthenticated attacker to execute unauthorized commands via crafted requests. It has been addressed in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3. The second, affecting FortiSandbox and its cloud services, may similarly allow unauthorized code execution through HTTP requests, with fixes available in FortiSandbox versions 4.4.9 and 5.0.2, among others.
SAP’s Security Updates
SAP has also issued patches for two critical vulnerabilities, CVE-2026-34260 and CVE-2026-34263, both with a CVSS score of 9.6. The first is an SQL injection vulnerability in SAP S/4HANA that could allow attackers to inject malicious SQL statements. The second, in SAP Commerce, results from an overly permissive security configuration that allows unauthorized configuration uploads and code injection, potentially leading to arbitrary server-side code execution.
VMware and n8n Vulnerabilities
Broadcom has addressed a high-severity flaw in VMware Fusion, identified as CVE-2026-41702, with a CVSS score of 7.8. This vulnerability could allow local privilege escalation due to a time-of-check to time-of-use (TOCTOU) issue. The patch is included in version 26H1.
Additionally, n8n has released fixes for five critical vulnerabilities, all with a CVSS score of 9.4. These include issues related to prototype pollution and remote code execution, affecting various components of n8n. The vulnerabilities are documented as CVE-2026-42231, CVE-2026-42232, CVE-2026-44791, CVE-2026-44789, and CVE-2026-44790, with fixes available in multiple versions of n8n.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








