VYPR
Critical severity9.6NVD Advisory· Published May 12, 2026· Updated May 13, 2026

CVE-2026-8043

CVE-2026-8043

Description

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

Affected products

2
  • Ivanti/Xtraction2 versions
    cpe:2.3:a:ivanti:xtraction:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ivanti:xtraction:*:*:*:*:*:*:*:*range: <2026.2
    • (no CPE)range: <2026.2

Patches

Vulnerability mechanics

References

1

News mentions

3