
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL injection, privilege escalation flaw


Ravi Lakshmanan | May 18, 2026 | Vulnerabilities / Software Security

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by malicious parties to bypass authentication and execute arbitrary code.

Topping the list is a critical flaw affecting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited for information disclosure or client-side attacks.

“External control of filenames in Ivanti Xtraction versions prior to 2026.2 allows a remote authenticated attacker to read sensitive files or write arbitrary HTML files to web directories, potentially leading to information disclosure and client-side attacks,” Ivanti said in the advisory.

Fortinet has published an advisory regarding two critical flaws that affect FortiAuthenticator, FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS and may lead to code execution.

  • CVE-2026-44277 (CVSS score: 9.1) – An improper access control vulnerability in FortiAuthenticator that could allow an unauthenticated attacker to execute malicious code or commands via a crafted request. (Fixed in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3)
  • CVE-2026-26083 (CVSS score: 9.1) – A missing authentication vulnerability in the FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS web UI that may allow an unauthenticated attacker to execute malicious code or commands via a request. (Fixed in FortiSandbox versions 4.4.9 and 5.0.2, FortiSandbox Cloud version 5.0.6, and FortiSandbox PaaS versions 4.4.9 and 5.0.2)

SAP also shipped fixes for two critical vulnerabilities.

  • CVE-2026-34260 (CVSS score: 9.6) – SQL Injection Vulnerability in SAP S/4HANA
  • CVE-2026-34263 (CVSS score: 9.6) – Missing Authentication Check in SAP Commerce Cloud Configuration

Regarding CVE-2026-34263, Onapsis said, “This vulnerability is caused by an overly permissive security configuration with improper rule ordering, allowing an unauthenticated user to perform malicious configuration uploads or code injections, resulting in arbitrary code execution on the server side.”

On the other hand, CVE-2026-34260 can be exploited by an attacker to inject malicious SQL statements, impacting application confidentiality and availability. However, this vulnerability does not compromise the integrity of the application because the affected code only allows read access to the data.

“This could allow a low-privileged, authenticated attacker to inject malicious SQL code via user-controlled input, potentially exposing sensitive database information and crashing the application,” Pathlock said.

Broadcom also released a patch for a high-severity flaw in VMware Fusion (CVE-2026-41702, CVSS score: 7.8) that could pave the way for local privilege escalation. This issue was resolved in version 26H1.

“VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during operations performed by SETUID binaries,” Broadcom said. “A malicious attacker with local, non-administrative user privileges could exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.”

Last on the list are five critical vulnerabilities affecting n8n.

  • CVE-2026-42231 (CVSS score: 9.4) – A vulnerability in the xml2js library used to parse the XML request body in the webhook handler in n8n allows prototype poisoning via a crafted XML payload, which could lead to remote code execution on an n8n host by an authenticated user with privileges to create or modify workflows. (Fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1)
  • CVE-2026-42232 (CVSS score: 9.4) – An authenticated user with privileges to create or modify workflows could potentially achieve global prototype pollution via an XML node, which could lead to remote code execution when combined with other nodes that exploit prototype pollution. (Fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1)
  • CVE-2026-44791 (CVSS score: 9.4) – A bypass for CVE-2026-42232 that could allow remote code execution on n8n hosts. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1)
  • CVE-2026-44789 (CVSS score: 9.4) – An authenticated user with privileges to create or modify workflows could cause global prototype pollution via an unvalidated pagination parameter in an HTTP request node, which could lead to remote code execution on an n8n host. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1)
  • CVE-2026-44790 (CVSS score: 9.4) – An authenticated user with privileges to create or modify workflows could inject CLI flags into a Git node push operation, allowing an attacker to read arbitrary files from the server, potentially resulting in a complete compromise. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1)
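Several of the n8n entries above share one bug class: a user-controlled key reaches a shared prototype. The following is an added, generic illustration of that class next to a hardened form; it is not n8n or xml2js code, and the function names, the dot-path format, and the sample input are assumptions made for the example.

```javascript
// Added illustration of the bug class; generic code, not n8n or xml2js source.
const FORBIDDEN_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Naive setter: walks a user-supplied dot path and assigns the value.
function setByPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key]; // '__proto__' steps onto Object.prototype here
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened setter: rejects prototype-reaching segments, descends only into own
// properties, and creates intermediate objects without a prototype.
function setByPathSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => FORBIDDEN_KEYS.has(k))) throw new RangeError(`rejected path: ${path}`);
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      node[key] = Object.create(null);
    }
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Runs both setters on a constructed parameter name and reports the effect.
function demo() {
  const constructedPath = '__proto__.polluted'; // constructed sample input
  const result = { unsafeLeaked: false, safeRejected: false };
  try {
    setByPathUnsafe({}, constructedPath, 'yes');
    result.unsafeLeaked = ({}).polluted === 'yes'; // unrelated objects inherit it
  } finally {
    delete Object.prototype.polluted; // undo the global side effect
  }
  try {
    setByPathSafe({}, constructedPath, 'yes');
  } catch (err) {
    result.safeRejected = err instanceof RangeError;
  }
  return { ...result, safeLeaked: ({}).polluted !== undefined };
}
```

The same key check belongs wherever parsed XML, JSON, or request parameters are merged into existing objects, since the parser output is as attacker-controlled as the raw input.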

Software patches from other vendors

Over the past few weeks, other vendors have also released security updates that fix various vulnerabilities, including:

ABB; Adobe; Amazon Web Services; AMD; Apple; ASUS; Atlassian; Axis Communications; AVEVA; Canon; Cisco; CODESYS; ConnectWise; Dell; Devolutions; Drupal; F5; Fortra; Foxit Software; Fujitsu; GitLab; GnuTLS; Google Android and Pixel; Google Chrome; Google Cloud; Grafana; Hikvision; Hitachi Energy; Honeywell; HP; HP Enterprise (includes Aruba Networking and Juniper Networks); Huawei; IBM; Intel; Jenkins; Lenovo; Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, Ubuntu); MediaTek; Meta WhatsApp; Microsoft; Mitel; Mitsubishi Electric; MongoDB; Moxa; Mozilla Firefox, Firefox ESR, and Thunderbird; NVIDIA; OPPO; Palo Alto Networks; Phoenix Contact; Phoenix Technologies; Progress Software; QNAP; Qualcomm; React; Ricoh; Samsung; Schneider Electric; Siemens; Sophos; Spring Framework; Supermicro; Synology; Tenable; TP-Link; WatchGuard; Zoom; and Zyxel

