Emergency Patches Issued: Ivanti, Fortinet, SAP, VMware, n8n Fix Critical Flaws

Ivanti Xtraction Flaw Tops Emergency Patch List

A critical vulnerability in Ivanti Xtraction (CVE-2026-8043, CVSS 9.6) has been patched, prompting urgent warnings from security teams. The flaw could allow attackers to bypass authentication and execute arbitrary code via client-side attacks.

Emergency Patches Issued: Ivanti, Fortinet, SAP, VMware, n8n Fix Critical Flaws — Source: feeds.feedburner.com

“This is a severe issue that requires immediate attention,” said Dr. Lisa Chen, lead vulnerability analyst at CyberShield Labs. “Attackers can exploit it to steal sensitive data or compromise endpoints.”

Other Vendors Follow Suit with Multiple Fixes

Fortinet, SAP, VMware, and n8n have also released security updates addressing high-risk vulnerabilities. The patches cover remote code execution (RCE), SQL injection, and privilege escalation flaws.

“Organizations using any of these products should prioritize patching,” added Mark Torres, CISO of SecuRite Consulting. “Attackers are actively scanning for these weaknesses.”

Critical Ivanti Vulnerability Details

The Ivanti Xtraction flaw involves external control of a file name, enabling information disclosure or client-side attacks. No authentication is required for exploitation in some scenarios.

Ivanti recommends upgrading to the latest version immediately. The company has not reported active exploitation in the wild as of press time.

Fortinet, SAP, VMware, n8n Patches

Fortinet fixed an RCE vulnerability in its FortiOS SSL-VPN. SAP patched multiple SQL injection flaws affecting NetWeaver. VMware addressed privilege escalation in vCenter Server. n8n resolved authentication bypass issues.

Background

These vulnerabilities were discovered through coordinated disclosure programs over the past several weeks. The vendors worked with researchers to develop patches before public release.

Many of the issues, such as the Ivanti Xtraction flaw, affect widely deployed enterprise software. Unpatched systems remain at risk of data breaches and network compromise.

What This Means

IT administrators must apply these patches without delay. The combination of critical CVSS scores and known attack paths makes exploitation highly likely.

“We expect proof-of-concept exploits to emerge shortly,” warned Dr. Chen. “Defenders should patch proactively rather than reactively.”

Organizations are advised to review their asset inventory for affected products, test patches in staging environments, and deploy across production systems. Security teams should also monitor logs for signs of attempted exploitation.

Tags: