Critical severity9.6NVD Advisory· Published May 12, 2026· Updated May 13, 2026
CVE-2026-8043
CVE-2026-8043
Description
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
3- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreThe Hacker News · May 18, 2026
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation FlawsThe Hacker News · May 18, 2026
- Fortinet, Ivanti Patch Critical VulnerabilitiesSecurityWeek · May 13, 2026