
Critical Patches Released for Ivanti, Fortinet, SAP, VMware, and n8n

In a nutshell: Five software vendors have patched vulnerabilities rated between CVSS 7.8 and 9.6, several of which allow unauthenticated remote code execution. The patches should be applied promptly.

Several vendors have released fixes for security flaws that can lead to arbitrary code execution, SQL injection, and authentication bypass. Affected products include Ivanti Xtraction, FortiAuthenticator, FortiSandbox, SAP S/4HANA, SAP Commerce Cloud, VMware Fusion, and n8n.

Ivanti Xtraction: CVE-2026-8043 (CVSS 9.6) affects Xtraction versions prior to 2026.2. Because file names are externally controllable, an authenticated attacker can read sensitive files and write arbitrary HTML files into the web directory, which results in information disclosure and opens the door to client-side attacks.

Fortinet: CVE-2026-44277 (CVSS 9.1) is an access control flaw in FortiAuthenticator that lets unauthenticated attackers execute code; it is fixed in versions 6.5.7, 6.6.9, and 8.0.3. CVE-2026-26083 (CVSS 9.1) is a missing authorization check in the FortiSandbox web UI (including the Cloud/PaaS variants) that likewise allows unauthenticated remote code execution over HTTP; the fixed versions are 4.4.9, 5.0.2, and Cloud 5.0.6.

SAP: CVE-2026-34260 (CVSS 9.6) is a SQL injection vulnerability in S/4HANA. A low-privileged authenticated attacker can read from the database and crash the application; because the injection only permits read access, data integrity is not affected, but confidentiality and availability are. CVE-2026-34263 (CVSS 9.6) affects SAP Commerce Cloud and stems from an overly permissive security configuration with incorrect rule ordering: an unauthenticated user can upload configuration and inject code, leading to arbitrary server-side code execution.

VMware Fusion: CVE-2026-41702 (CVSS 7.8) is a time-of-check/time-of-use (TOCTOU) race condition in a setuid binary. A local user without administrative rights can exploit it to escalate privileges to root. Fixed in version 26H1.

n8n: Five critical vulnerabilities have been patched; three are detailed here. CVE-2026-42231 and CVE-2026-42232 (both CVSS 9.4) allow prototype pollution through XML input, in the xml2js library and in the XML node respectively; an authenticated user who can create workflows can turn this into remote code execution on the n8n host. CVE-2026-44791 (CVSS 9.4) bypasses the fix for CVE-2026-42232 and likewise results in RCE. All three are fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.
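The n8n entries above describe prototype pollution reached through XML parsing. The following is an added illustration, not code from n8n, xml2js or the advisories, of how an XML-to-object converter becomes a prototype-pollution sink when attacker-controlled element names are used directly as object keys, and of one way to harden it. The tiny parser, the payload, and the `naiveStore`/`safeStore` names are constructed for this example; it does not reproduce the actual defect in xml2js or the XML node.

```javascript
// Added illustration (not n8n or xml2js code): XML-to-object conversion as a
// prototype-pollution sink, beside a hardened storage strategy.

// Constructed payload: <__proto__> steers a naive converter onto
// Object.prototype, and <polluted> then becomes a property of every object.
const PAYLOAD =
  '<workflow><__proto__><polluted>yes</polluted></__proto__><name>demo</name></workflow>';
const BENIGN =
  '<workflow><name>demo</name><steps><first>a</first></steps></workflow>';

// Tiny converter for nested elements with text leaves (no attributes, comments
// or declarations). Object creation and value storage are delegated to `store`
// so the same parsing logic runs with the naive and the hardened strategy.
function parseXml(xml, store) {
  const tagRe = /<(\/?)([^\s<>\/]+)\s*>/g;
  const stack = [{ name: null, obj: store.root(), text: '', hasChildren: false }];
  let cursor = 0;
  let m;
  while ((m = tagRe.exec(xml)) !== null) {
    const top = stack[stack.length - 1];
    top.text += xml.slice(cursor, m.index);
    cursor = tagRe.lastIndex;
    if (m[1] === '/') {
      const frame = stack.pop();
      if (frame.name !== m[2]) throw new Error(`mismatched </${m[2]}>`);
      // An element without child elements collapses to its trimmed text.
      if (!frame.hasChildren) store.leaf(stack[stack.length - 1].obj, frame.name, frame.text.trim());
    } else {
      top.hasChildren = true;
      stack.push({ name: m[2], obj: store.child(top.obj, m[2]), text: '', hasChildren: false });
    }
  }
  if (stack.length !== 1) throw new Error('unclosed element');
  return stack[0].obj;
}

// Vulnerable strategy: "get or create" keyed by the raw element name. For the
// name "__proto__", `name in target` is true (an inherited accessor), so
// target["__proto__"], i.e. Object.prototype itself, is returned and every
// child element is then written onto the shared prototype.
const naiveStore = {
  root: () => ({}),
  child(target, name) {
    if (!(name in target)) target[name] = {};
    return target[name];
  },
  leaf(target, name, text) {
    target[name] = text;
  },
};

// Hardened strategy: reject names that reach the prototype chain, consult only
// own properties, and build on null-prototype objects so nothing is inherited
// from Object.prototype in the first place.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
function checkName(name) {
  if (FORBIDDEN.has(name)) throw new Error(`rejected element name: ${name}`);
}
const safeStore = {
  root: () => Object.create(null),
  child(target, name) {
    checkName(name);
    if (!Object.prototype.hasOwnProperty.call(target, name)) target[name] = Object.create(null);
    return target[name];
  },
  leaf(target, name, text) {
    checkName(name);
    target[name] = text;
  },
};

// Parse the payload with the naive store, observe the side effect on an
// unrelated fresh object, then remove the polluted property again.
function demoNaive() {
  const before = ({}).polluted;
  const doc = parseXml(PAYLOAD, naiveStore);
  const after = ({}).polluted;
  delete Object.prototype.polluted;
  return { before, after, name: doc.workflow.name };
}

// The hardened store refuses the payload before anything is written.
function demoSafe() {
  let rejected = false;
  try {
    parseXml(PAYLOAD, safeStore);
  } catch (e) {
    rejected = true;
  }
  return { rejected, polluted: ({}).polluted };
}

// Ordinary documents still convert normally under the hardened store.
function parseBenign() {
  return parseXml(BENIGN, safeStore);
}

console.log(demoNaive(), demoSafe(), parseBenign());
```

The point of the split between parser and store is that the parsing logic is identical in both runs; only the rule for turning an element name into a property decides whether untrusted XML can write to `Object.prototype`. In a real application the polluted property is what later code (template engines, option merging, `child_process` spawn options) picks up, which is how prototype pollution escalates to code execution.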


Source: ainews-dev.lumi-systems.io · Published May 18, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.5.2.
