Critical Security Flaws Patched in Ivanti, Fortinet, SAP, VMware, and n8n Products
In a significant move to bolster cybersecurity, leading technology firms Ivanti, Fortinet, SAP, VMware, and n8n have released patches addressing multiple critical vulnerabilities across their product lines. These flaws, if exploited, could allow malicious actors to bypass authentication mechanisms and execute arbitrary code, posing substantial risks to organizations worldwide.
Ivanti’s Critical Vulnerability in Xtraction
Ivanti has identified a severe vulnerability in its Xtraction product, designated as CVE-2026-8043 with a CVSS score of 9.6. This flaw arises from external control of a file name, enabling a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory. Such exploitation could lead to information disclosure and potential client-side attacks. Users are strongly advised to upgrade to version 2026.2 to mitigate this risk.
Fortinet’s Critical Flaws in FortiAuthenticator and FortiSandbox
Fortinet has addressed two critical vulnerabilities:
– CVE-2026-44277: An improper access control issue in FortiAuthenticator, allowing unauthenticated attackers to execute unauthorized code or commands via crafted requests. This vulnerability has been patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3.
– CVE-2026-26083: A missing authorization flaw in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI, which could permit unauthenticated attackers to execute unauthorized code or commands through HTTP requests. Fixes are available in FortiSandbox versions 4.4.9 and 5.0.2, FortiSandbox Cloud version 5.0.6, and FortiSandbox PaaS versions 4.4.9 and 5.0.2.
SAP’s Critical Vulnerabilities in S/4HANA and Commerce Cloud
SAP has released patches for two critical vulnerabilities:
– CVE-2026-34260: An SQL injection vulnerability in SAP S/4HANA, which could allow attackers to inject malicious SQL statements, potentially impacting the confidentiality and availability of the application. However, as the affected code permits only read access, the application’s integrity remains uncompromised.
– CVE-2026-34263: A missing authentication check in the SAP Commerce Cloud configuration, caused by an overly permissive security configuration with improper rule ordering. This flaw could enable unauthenticated users to perform malicious configuration uploads and code injections, leading to arbitrary server-side code execution.
VMware’s High-Severity Flaw in Fusion
Broadcom has addressed a high-severity vulnerability in VMware Fusion, identified as CVE-2026-41702 with a CVSS score of 7.8. This Time-of-Check Time-of-Use (TOCTOU) vulnerability occurs during operations performed by a SETUID binary. A local non-administrative user could exploit this flaw to escalate privileges to root on the system where Fusion is installed. Users should update to version 26H1 to resolve this issue.
n8n’s Multiple Critical Vulnerabilities
The open-source workflow automation platform n8n has patched several critical vulnerabilities:
– CVE-2026-42231: A flaw in the xml2js library used to parse XML request bodies in n8n’s webhook handler, allowing prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could achieve remote code execution on the n8n host. This issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
– CVE-2026-42232: An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node, leading to remote code execution when combined with other nodes exploiting the prototype pollution. This vulnerability has been addressed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
– CVE-2026-44791: A bypass for CVE-2026-42232 that could result in remote code execution on the n8n host. The fix is available in n8n versions 1.123.43, 2.20.7, and 2.22.1.
– CVE-2026-44789: An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node, leading to remote code execution on the n8n host. This issue has been resolved in n8n versions 1.123.43, 2.20.7, and 2.22.1.
– CVE-2026-44790: An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node’s Push operation, enabling an attacker to read arbitrary files from the n8n server and resulting in full compromise. The fix is available in n8n versions 1.123.43, 2.20.7, and 2.22.1.
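The n8n entries above describe two recurring input-handling flaw classes: prototype pollution through attacker-shaped objects or property paths (CVE-2026-42231, CVE-2026-42232, CVE-2026-44789) and CLI flag injection through user-controlled command arguments (CVE-2026-44790). The following is an added example, not code from n8n, xml2js or any vendor named in the article, showing defender-side checks for both classes: a scanner that reports prototype-polluting keys in a parsed request body, a merge that refuses them and never writes through to Object.prototype, a validator for a dotted property path before it reaches a path-based setter, and an argv builder that keeps user-supplied positional values from being parsed as git options. The function names, the dotted-path format, and the sample inputs are assumptions constructed for this example.

```javascript
// Added example, not n8n's, xml2js's or any vendor's code. Function names,
// the dotted property-path format and all sample inputs are constructed
// assumptions for illustration.

// Keys that, when written by a recursive merge or a path-based setter,
// land on Object.prototype instead of the intended target object.
const POLLUTING_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk a parsed object (e.g. a JSON or XML request body) and return every
// key path that names a prototype-polluting key. An empty array means clean.
function findPollutingPaths(value, path = [], found = []) {
  if (value === null || typeof value !== 'object') return found;
  for (const key of Object.keys(value)) {
    const here = [...path, key];
    if (POLLUTING_KEYS.has(key)) found.push(here.join('.'));
    findPollutingPaths(value[key], here, found);
  }
  return found;
}

// Recursive merge that refuses polluting keys and creates nested objects with
// a null prototype, so nothing written here can reach Object.prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (POLLUTING_KEYS.has(key)) {
      throw new Error(`refusing to merge prototype-polluting key "${key}"`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const existing =
        Object.prototype.hasOwnProperty.call(target, key) &&
        target[key] !== null && typeof target[key] === 'object'
          ? target[key]
          : Object.create(null);
      target[key] = safeMerge(existing, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Validate a dotted property path (assumed format, e.g. "data.items") before
// handing it to a path-based setter: every segment must be a plain identifier
// and must not be a polluting key.
const SEGMENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
function isSafePropertyPath(path) {
  if (typeof path !== 'string' || path.length === 0) return false;
  return path
    .split('.')
    .every((seg) => SEGMENT.test(seg) && !POLLUTING_KEYS.has(seg));
}

// Build an argv for `git push` from user-supplied remote and branch names.
// Positional values may not start with "-" (so git cannot parse them as
// options) or contain whitespace/NUL, and "--" terminates option parsing.
// The returned array is meant for child_process.spawn/execFile without a
// shell, never for joining into a command string.
function buildGitPushArgs(remote, branch) {
  for (const [name, value] of [['remote', remote], ['branch', branch]]) {
    if (
      typeof value !== 'string' || value.length === 0 ||
      value.startsWith('-') || /[\s\0]/.test(value)
    ) {
      throw new Error(`unsafe git ${name} argument: ${JSON.stringify(value)}`);
    }
  }
  return ['push', '--', remote, branch];
}

// Stand-alone demo on constructed inputs.
const crafted = JSON.parse('{"name":"job","__proto__":{"polluted":"yes"}}');
console.log(findPollutingPaths(crafted));            // [ '__proto__' ]
try { safeMerge(Object.create(null), crafted); } catch (e) { console.log(e.message); }
console.log(({}).polluted === undefined);            // true: prototype untouched
console.log(isSafePropertyPath('data.items'));       // true
console.log(isSafePropertyPath('__proto__.x'));      // false
console.log(buildGitPushArgs('origin', 'main'));     // [ 'push', '--', 'origin', 'main' ]
try { buildGitPushArgs('origin', '-x'); } catch (e) { console.log(e.message); }
```

The scanner is the detection half: run it over a parsed body before any merge or setter touches it and log the offending paths. The merge and the path validator are the mitigation half, and the null-prototype target matters as much as the key filter, because a lookup on a null-prototype object never falls through to whatever an earlier pollution may have placed on Object.prototype. For the git case, the two controls that matter are passing an argv array to a no-shell spawn and placing `--` before any value the user supplied.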
Recommendations for Users
Organizations utilizing these products should promptly apply the available patches to mitigate potential security risks. Regularly updating software and maintaining robust security practices are essential steps in safeguarding systems against emerging threats.